Chapter 2. Deploying Cisco ASA IPsec VPN Solutions

This chapter covers site-to-site IKEv1/IKEv2 IPsec virtual private network (VPN), remote-access IKEv2 IPsec VPN (AnyConnect) and remote-access IKEv1 IPsec VPN (Easy VPN) solutions on Cisco Adaptive Security Appliances (ASA). Although IP Security (IPsec) VPN termination on Cisco ASA does not require additional licensing, the number of supported concurrent IPsec sessions on each box is limited by platform model, ranging from 10 to 10,000. Because of its early implementation on Cisco ASA, expect interoperability issues if using AnyConnect with IKEv2 and IKEv2 site-to-site IPsec VPNs.

Tunnels established between any two ASA IPsec peers are created on demand as follows:

1. When interesting traffic ...

Get CCNP Security VPN 642-648 Quick Reference now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.