Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 6 VPN Wizards
IPsec IKEv1 Remote Access Wizard
Range Start Address—Type the starting IP address in the address pool.
Range End Address—Type the ending IP address in the address pool.
Subnet Mask—(Optional) Choose the subnet mask for these IP addresses.
Attributes Pushed to Client (Optional)
Use the Attributes Pushed to Client (Optional) pane to have the ASA pass information about DNS and
WINS servers and the default domain name to remote access clients.
Fields
Tunnel Group—Displays the name of the connection policy to which the address pool applies. You
set this name in the VPN Client Name and Authentication Method pane.
Primary DNS Server—Type the IP address of the primary DNS server.
Secondary DNS Server—Type the IP address of the secondary DNS server.
Primary WINS Server—Type the IP address of the primary WINS server.
Secondary WINS Server—Type the IP address of the secondary WINS server.
Default Domain Name—Type the default domain name.
IKE Policy
IKE, also called Internet Security Association and Key Management Protocol (ISAKMP), is the
negotiation protocol that lets two hosts agree on how to build an IPsec Security Association. Each IKE
negotiation is divided into two sections called Phase 1 and Phase 2.
Phase 1 creates the first tunnel, which protects later IKE negotiation messages.
Phase 2 creates the tunnel that protects data.
Use the IKE Policy pane to set the terms of the Phase 1 IKE negotiations, which include the following:
An encryption method to protect the data and ensure privacy.
An authentication method to ensure the identity of the peers.
A Diffie-Hellman group to establish the strength of the encryption-key-determination
algorithm. The ASA uses this algorithm to derive the encryption and hash keys.
Fields
Encryption—Select the symmetric encryption algorithm the ASA uses to establish the Phase 1 SA
that protects Phase 2 negotiations. The ASA supports the following encryption algorithms:
Algorithm   Explanation
DES         Data Encryption Standard. Uses a 56-bit key.
3DES        Triple DES. Performs encryption three times using a 56-bit key.
AES-128     Advanced Encryption Standard. Uses a 128-bit key.
AES-192     AES using a 192-bit key.
AES-256     AES using a 256-bit key.
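
The Phase 1 encryption choice described above can be reviewed on a deployed ASA by reading its IKEv1 policies back from the running configuration. The following is an added example, not part of the Cisco guide: it assumes the CLI form "crypto ikev1 policy <priority>" with indented sub-commands, uses a constructed and abbreviated sample configuration, and applies an assumed site policy that accepts only AES for Phase 1.

```python
# ASA CLI encryption keyword -> algorithm name as listed in the table above.
ENCRYPTION = {"des": "DES", "3des": "3DES", "aes": "AES-128",
              "aes-192": "AES-192", "aes-256": "AES-256"}
# Assumed site policy (not from the guide): only AES is accepted for Phase 1.
ALLOWED = {"AES-128", "AES-192", "AES-256"}

# Constructed, abbreviated sample of IKEv1 policy blocks from a running-config.
SAMPLE_CONFIG = """\
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 group 5
crypto ikev1 policy 20
 authentication pre-share
 encryption 3des
 group 2
crypto ikev1 policy 30
 authentication rsa-sig
 encryption des
 group 2
"""

def parse_policies(config):
    """Return {priority: {setting: value}} for each 'crypto ikev1 policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        parts = line.split()
        if (line.startswith("crypto ikev1 policy ") and len(parts) == 4
                and parts[3].isdigit()):
            current = policies.setdefault(int(parts[3]), {})
        elif line.startswith(" ") and current is not None and len(parts) == 2:
            current[parts[0]] = parts[1]
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the policy block
    return policies

def audit(config):
    """List (priority, algorithm) for policies whose encryption is not allowed."""
    findings = []
    for priority, settings in sorted(parse_policies(config).items()):
        # A policy with no encryption line is reported, not silently defaulted.
        keyword = settings.get("encryption", "unspecified")
        name = ENCRYPTION.get(keyword, keyword)
        if name not in ALLOWED:
            findings.append((priority, name))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Policies are reported in priority order, which is also the order in which the ASA offers them during Phase 1 negotiation.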