25-66
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Configuring IKEv2 Authentication in Site-to-Site VPNs
IKEv2 Authentication (Override) Dialog Box
Use the IKEv2 Authentication dialog box to configure overrides to the IKEv2 authentication global
settings for a site-to-site VPN. For more information about IKEv2 global and override authentication
settings, see Configuring IKEv2 Authentication in Site-to-Site VPNs, page 25-62.
Navigation Path
From the Override IKEv2 Authentication Settings tab of the IKEv2 Authentication policy (see IKEv2
Authentication Policy, page25-64), click the Add Row (+) button or select an override in the table and
click Edit Row (pencil).
Field Reference
Override IKEv2
Authentication Settings tab
The table lists the IKEv2 authentication overrides defined for the VPN.
These policies take precedence over the preshared key/PKI
configuration defined in the global settings. Do any of the following to
configure overrides:
To add an override, click the Add Row (+) button and fill in the
IKEv2 Authentication dialog box. You select the local and remote
peers for which to create the override, and then specify the
preshared key or CA server that should be used. See IKEv2
Authentication (Override) Dialog Box, page 25-66.
To edit an override, select it in the table and click the Edit Row
(pencil) button.
To delete an override, select it in the table and click the Delete Row
(trash can) button.
Table25-14 IKEv2 Authentication Policy (Continued)
Element Description
Table25-15 IKEv2 Authentication Dialog Box
Element Description
Local Peers
Remote Peers
The local and remote sides of the tunnels for which you are defining
this override.
To add devices to the list, click the Select button to the right of the list
to open the Local or Remote Peer Selection dialog box. In that dialog
box, select the desired peers in the Available list and click >> to move
them to the Selected list. You can deselect a device by doing the reverse
(using the << button).
The list of available devices includes only those devices that support
IKEv2 connections, which might not be all of the devices in the VPN.