User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
VPN
Configuring the Site-to-Site VPN
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 247
8
• (Optional) Import the certificate for authentication between two peers. Skip
this step if you want to use the pre-shared key for authentication. See
Managing the Certificates for Authentication, page 310.
• Enable the Site-to-Site VPN feature on your security appliance. See
General Site-to-Site VPN Settings, page 247.
• Configure the IPSec IKE policies. See Configuring the IPSec IKE Policies,
page 254.
• Configure the IPSec Transform policies. See Configuring the IPSec
Transform Policies, page 256.
• Configure the IPSec VPN policies. See Configuring the IPSec VPN
Policies, page 248.
• Check the box of an enabled IPSec VPN policy, and then click Connect to
initiate the IPSec VPN connection.
• Check the status and statistic information for IPSec VPN tunnels. See
Monitoring the IPSec VPN Status, page 269.
General Site-to-Site VPN Settings
STEP 1 Click VPN -> Site-to-Site -> IPSec Policies.
The IPSec Policies window opens. All existing IPSec VPN policies are listed in the
table. You can check the following information of an IPSec VPN policy:
• Name: The name of the IPSec VPN policy.
• Enable: Shows that the IPSec VPN policy is enabled or disabled.
• Status: Shows if the IPSec VPN tunnel is connected or disconnected.
• WAN Interface: The WAN interface that the traffic over the IPSec VPN tunnel
passes through.
• Peers: The IP address of the remote peer.
• Zone Access: The zone to which the remote peer can access.
• Local: The local network of the local peer.
• Remote: The remote network of the remote peer.
• Policy: The IKE policy used for the IPSec VPN policy.