25-64
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Configuring IKEv2 Authentication in Site-to-Site VPNs
To delete an override, select it in the table and click the Delete Row (trash can) button.
IKEv2 Authentication Policy
Use the IKEv2 Authentication policy to configure the device authentication settings for Internet Key
Exchange (IKE) version 2 in site-to-site VPNs. These settings apply to ASA 8.4(1)+ devices only. For
more information about configuring IKEv2 authentication, see Configuring IKEv2 Authentication in
Site-to-Site VPNs, page 25-62.
The policy contains two tabs:
• Global IKEv2 Authentication Settings—The global settings apply to all devices in the VPN unless
  overrides are configured on the Overrides tab. Configure the global settings to represent the
  authentication scheme used by most devices in the VPN.
• Override IKEv2 Authentication Settings—The override settings apply unique authentication
  settings to specific tunnels, allowing you to create unique preshared key and trustpoint combinations
  that are required by various tunnels in the VPN. The settings you configure on this tab are used first
  and always take precedence over the global settings.
Navigation Path
Open the Site-to-Site VPN Manager Window, page 24-18, select a regular IPsec topology (that supports
IKEv2) in the VPNs selector, then select IKEv2 Authentication in the Policies selector.
This policy is not available as a shared policy.
Related Topics
Understanding IKE, page 25-5
Understanding IPsec Proposals for Site-to-Site VPNs, page 25-18
Filtering Tables, page 1-45
Table Columns and Column Heading Features, page 1-46