ISAKMP/IKE Phase 1 Management Connection
In this first part of the chapter, I’ll focus on the components necessary to allow IPsec traffic into the PIX/ASA and to build a management connection to a remote peer. Much of what I discuss here is applicable to both L2L and remote access sessions.
Allowing IPsec Traffic
Your first task is to allow IPsec session traffic into your PIX/ASA. Unlike Cisco routers, PIX/ASA devices behave differently when traffic is flowing through them. With these security appliances, interfaces are assigned security levels, and based on security level configurations, traffic is not allowed to flow from a lower to a higher level, by default. In most cases, your IPsec session traffic will be terminated on the device’s outside ...