Specifications

ManualsBrandsCisco ManualsHome building and DecorPIX 525

451

452

453

454

455

456

457

458

459

460

28-2

Cisco Security Appliance Command Line Configuration Guide

OL-6721-01

Chapter 28 Configuring LAN-to-LAN VPNs

Configuring Interfaces

A security appliance has at least two interfaces, referred to here as outside and inside. Typically, the

outside interface is connected to the public Internet, while the inside interface is connected to a private

network and is protected from public access.

To begin, configure and enable two interfaces on the security appliance. Then, assign a name, IP address

and subnet mask. Optionally, configure its security level, speed, and duplex operation on the security

appliance.

To configure interfaces, perform the following steps, using the command syntax in the examples:

Step 1 To enter Interface configuration mode, in global configuration mode enter the interface command with

the default name of the interface to configure. In the following example the interface is ethernet0.

hostname(config)# interface ethernet0

hostname(config-if)#

Step 2 To set the IP address and subnet mask for the interface, enter the ip address command. In the following

example the IP address is 10.10.4.100 and the subnet mask is 255.255.0.0.

hostname(config-if)# ip address 10.10.4.100 255.255.0.0

hostname(config-if)#

Step 3 To name the interface, enter the nameif command, maximum of 48 characters. You cannot change this

name after you set it. In the following example the name of the ethernet0 interface is outside.

hostname(config-if)# nameif outside

hostname(config-if)##

Step 4 To enable the interface, enter the no version of the shutdown command. By default, interfaces are

disabled.

hostname(config-if)# no shutdown

hostname(config-if)#

Step 5 To save your changes, enter the write memory command.

hostname(config-if)# write memory

hostname(config-if)#

Step 6 To configure a second interface, use the same procedure.

Configuring ISAKMP Policy and Enabling ISAKMP on the

Outside Interface

The Internet Security Association and Key Management Protocol, also called IKE, is the negotiation

protocol that lets two hosts agree on how to build an IPSec security association. Each ISAKMP

negotiation is divided into two sections called Phase1 and Phase 2.

Phase 1 creates the first tunnel, which protects later ISAKMP negotiation messages. Phase 2 creates the

tunnel that protects data travelling across the secure connection.