30-33
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Working with IPSec VPN Policies
Configuring an IPsec Proposal on a Remote Access VPN Server (ASA, PIX 7.0+
Devices)
This procedure describes how to create or edit an IPsec proposal for your remote access VPN server
when the server is an ASA or PIX 7.0+ device. If you are configuring an IPsec proposal for IOS or PIX
6.3 devices, including Catalyst 6500/7600 devices, see Configuring an IPsec Proposal on a Remote
Access VPN Server (IOS, PIX 6.3 Devices), page 32-3
An IPsec proposal is a collection of one or more crypto maps. A crypto map combines all the components
required to set up IPsec security associations (SAs), including IPsec rules, transform sets, remote peers,
and other parameters that might be necessary to define an IPsec SA.
When configuring an IPsec proposal, you must define the external interface through which the remote
access clients connect to the server, the IKE version to use during IKE negotiation, and the encryption
and authentication algorithms that protect the data in the VPN tunnel. You can also enable reverse route
injection and NAT traversal.
For more information on IPsec tunnel concepts, see Understanding IPsec Proposals, page 25-17.
Related Topics
Table Columns and Column Heading Features, page1-46
Step 1 Do one of the following:
(Device view) Select Remote Access VPN > IPSec VPN > IPsec Proposal (ASA/PIX 7.x) from
the Policy selector.
(Policy view) Select Remote Access VPN > IPSec VPN > IPsec Proposal (ASA/PIX 7.x) from the
Policy Type selector. Select an existing policy or create a new one.
The IPsec Proposal page opens and lists the configured proposals, including the VPN endpoint, IPsec
transform set, and whether reverse route injection is configured for the proposal.
Step 2 Do any of the following:
To add a new IPsec proposal, click the Add Row (+) button and fill in the IPsec Proposal Editor
dialog box. For detailed information on the available options, see IPsec Proposal Editor (ASA, PIX
7.0+ Devices), page 30-33.
To edit an existing proposal, select it and click the Edit Row (pencil) button.
To delete a proposal, select it and click the Delete Row (trash can) button.

IPsec Proposal Editor (ASA, PIX 7.0+ Devices)

Use the IPsec Proposal Editor to create or edit an IPsec proposal for an ASA or PIX 7.0+ device.
The elements in this dialog box differ according to the selected device. The table below describes the
elements on the General tab in the IPsec Proposal Editor dialog box when an ASA or PIX 7.0+ device
is selected.
Note For a description of the elements in the dialog box when a PIX 7.0+ or ASA device is selected is selected,
see IPsec Proposal Editor (IOS, PIX 6.3 Devices), page 32-4.