User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
VPN
Configuring the Cisco IPSec VPN Server
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 235
8
Configuring the Group Policies for Cisco IPSec VPN Server
This section describes how to enable the Cisco IPSec VPN Server feature and
specify the group policies that can be used by the remote clients to establish the
IPSec VPN tunnels.
NOTE The security appliance supports up to 16 group policies for Cisco IPSec VPN
Server.
STEP 1 Click VPN -> Remote User Access -> Cisco IPSec VPN Server.
The Cisco IPSec VPN Server window opens. All existing group policies are listed
in the table.
STEP 2 Click On to enable the Cisco IPSec VPN Server feature and set the security
appliance as a head-end device in remote access VPN, or click Off to disable it.
STEP 3 Specify the group policies that can be used by the remote clients to establish the
IPSec VPN tunnels. To add a group policy, click Add.
Other Options: To edit an entry, click Edit. To delete an entry, click Delete.
After you click Add or Edit, the Cisco IPSec VPN Server - Add/Edit window opens.
STEP 4 In the Basic Settings tab, enter the following information:
• Group Name: Enter the name for the group policy.
• WAN Interface: Choose the WAN interface that the traffic passes through
over the IPSec VPN tunnel.
• Authentication Method: Choose the authentication method.
- Preshare: If you choose this option, enter the desired value that the peer
device must provide to establish a connection in the Password field. The
pre-shared key must be entered exactly the same here and on the remote
clients.
- Certificate: If you choose this option, choose the local certificate and the
peer certificate for authentication. On the remote clients, the selected
local certificate should be set as the peer certificate, and the selected
peer certificate should be set as the local certificate. If the certificates are
not in the list, go to the Device Management -> Certificate
Management page to import the certificates. See Managing the
Certificates for Authentication, page 310.