Cisco Systems ISA550 Starting the Site-to-Site VPN Wizard, Configuring VPN Peer Settings

Configuration Wizards

Using the Site-to-Site VPN Wizard to Confi gure Site-to-Site VPN

Cisco ISA500 Series Integrated Security Appliances Administration Guide 67

Starting the Site-to-Site VPN Wizard

STEP 1 Click Configuration Wizards > Site-to-Site VPN Wizard.

STEP 2 Click Next.

Configuring VPN Peer Settings

STEP 3 Use the VPN Peer Settings page to configure an IPsec VPN policy for establishing

the VPN connection with a remote router.

•Profile Name: Enter the name for the IPsec VPN policy.

•WAN Interface: Choose the WAN port that traffic passes through over the

VPN tunnel.

•Remote Type: Specify the type of the remote peer:

-Static IP: Choose this option if the remote peer uses a static IP address.

Enter the IP address of the remote device in the Remote Address field.

-Dynamic IP: Choose this option if the remote peer uses a dynamic IP

address.

-FQDN (Fully Qualified Domain Name): Choose this option if you want to

use the domain name of the remote network such as vpn.company.com.

Enter the domain name of the remote device in the Remote Address field.

•Authentication Method: Specify the authentication method.

-Pre-Shared Key: Uses a simple, password-based key to authenticate. If

you choose this option, enter the desired value that the peer device must

provide to establish a connection in the Key field. The pre-shared key

must be entered exactly the same here and on the remote peer.

-Certificate: Uses the digital certificate from a third party Cer tificate

Authority (CA) to authenticate. If you choose this option, select a CA

certificate as the local certificate from the Local Certificate drop-down

list and select a CA certificate as the remote certificate from the Remote

Certificate drop-down list. The selected remote certificate on the local

gateway must be set as the local certificate on the remote peer.

NOTE: You must have valid CA certificates imported on your security

appliance before you use the digital certificates to authenticate. Go to the

Device Management > Certificate Management page to import the CA

certificates. See Managing Certificates for Authentication, page 418.