VPN
Configuring a Site-to-Site VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide 349
If you only want to create the IPsec VPN policy and do not want to
immediately activate the connection after the settings are saved, click the
Do Not Activate button. The connection will be triggered by any traffic that
matches the IPsec VPN policy and the VPN tunnel will be set up
automatically. You can also click the Connect icon to manually establish the
VPN connection.
STEP 8 Click Save to apply your settings.
Configuring IKE Policies
The Internet Key Exchange (IKE) protocol is a negotiation protocol that includes an
encryption method to protect data and ensure privacy. It is also an authentication
method to verify the identity of devices that are trying to connect to your network.
You can create IKE policies to define the security parameters (such as
authentication of the peer, encryption algorithms, and so forth) to be used for a
VPN tunnel.
NOTE Up to 16 IKE policies can be configured on the security appliance.
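The following is an added example, not part of the Cisco guide: a small offline check of an IKE policy table, using only the Encryption and Hash values that STEP 3 of this procedure lists and the 16-policy limit from the NOTE above. The policy entries are constructed sample data, the function names are hypothetical, and treating 3DES and MD5 as deprecated is an assumption of this example rather than a statement from the guide.

```python
# Values the guide lists as supported by the security appliance.
ENCRYPTION = ("ESP_3DES", "ESP_AES_128", "ESP_AES_192", "ESP_AES_256")
HASHES = ("SHA1", "MD5")
MAX_POLICIES = 16  # limit stated in the guide's NOTE
# Assumption of this example (not from the guide): 3DES and MD5 are deprecated.
DEPRECATED = {"ESP_3DES", "MD5"}


def audit_policies(policies):
    """Return (policy_name, finding) tuples for a transcribed policy table."""
    findings = []
    if len(policies) > MAX_POLICIES:
        findings.append(
            ("*", f"{len(policies)} policies exceed the limit of {MAX_POLICIES}"))
    for policy in policies:
        for field, allowed in (("encryption", ENCRYPTION), ("hash", HASHES)):
            value = policy[field]
            if value not in allowed:
                findings.append((policy["name"], f"unsupported {field}: {value}"))
            elif value in DEPRECATED:
                findings.append((policy["name"], f"deprecated {field}: {value}"))
    return findings


def peer_mismatches(local, remote):
    """Fields on which two peers differ. In IKE generally, both ends of a
    tunnel must agree on these parameters for negotiation to succeed."""
    return [f for f in ("encryption", "hash") if local[f] != remote[f]]


# Constructed sample: policies as they might be read off the IKE Policies table.
SITE_A = [
    {"name": "hq-to-branch", "encryption": "ESP_AES_256", "hash": "SHA1"},
    {"name": "legacy-partner", "encryption": "ESP_3DES", "hash": "MD5"},
]
# Constructed sample: the policy configured on the remote peer.
SITE_B_PEER = {"name": "branch-to-hq", "encryption": "ESP_AES_128", "hash": "SHA1"}

if __name__ == "__main__":
    for name, finding in audit_policies(SITE_A):
        print(f"{name}: {finding}")
    print("mismatch with peer:", peer_mismatches(SITE_A[0], SITE_B_PEER))
```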
STEP 1 Click VPN > Site-to-Site > IKE Policies.
The IKE Policies window opens. The default and custom IKE policies are listed in
the table.
STEP 2 To add a new IKE policy, click Add.
Other options: To edit an entry, click the Edit (pencil) icon. To delete an entry, click
the Delete (x) icon. To delete multiple entries, check them and click Delete. The
default IKE policy (DefaultIke) cannot be edited or deleted.
The IKE Policy - Add/Edit window opens.
STEP 3 Enter the following information:
Name: Enter the name for the IKE policy.
Encryption: Choose the algorithm used to negotiate the security
association. There are four algorithms supported by the security appliance:
ESP_3DES, ESP_AES_128, ESP_AES_192, and ESP_AES_256.
Hash: Specify the authentication algorithm for the VPN header. There are
two hash algorithms supported by the security appliance: SHA1 and MD5.