ISAKMP/IKE Phase 1 Management Connection

In this first part of the chapter, I’ll focus on the components necessary to allow IPsec traffic into the PIX/ASA and to build a management connection to a remote peer. Much of what I discuss here is applicable to both L2L and remote access sessions.

Allowing IPsec Traffic

Your first task is to allow IPsec session traffic into your PIX/ASA. Unlike Cisco routers, PIX/ASA devices behave differently when traffic is flowing through them. With these security appliances, interfaces are assigned security levels, and based on security level configurations, traffic is not allowed to flow from a lower to a higher level, by default. In most cases, your IPsec session traffic will be terminated on the device’s outside ...

Get The Complete Cisco VPN Configuration Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.