
Configuring the Cisco PIX Firewall for CA Site-to-Site

Chapter Description

This sample chapter explains how to configure Cisco Secure PIX Firewall certificate authority (CA) support for Internet Protocol Security (IPSec). After presenting an overview of the configuration process, the chapter shows you each major step of the configuration, including support tasks, IKE, and IPSec.

Configure CA Support Tasks

This chapter covers how to configure the PIX Firewall to work with a CA. It does not cover the configuration of the CA server, only how the Cisco products interact with one. The lab provides you with the opportunity to configure components in a way that mimics a real network. This section presents an overview of the major tasks you will have to perform to configure a PIX Firewall for CA support.

Configuring IPSec encryption on the PIX Firewall can be summarized in five major tasks, outlined in the following list. Subsequent sections of this chapter discuss the CA configuration tasks and steps in detail. Tasks and steps that are identical to those used with preshared keys are not covered in detail; refer to Chapter 6, "Configuring the Cisco PIX Firewall for Preshared Keys Site-to-Site," for a detailed explanation of those steps.

  • Task 1: Prepare for IPSec—This task consists of several steps to identify CA server details, determine IPSec policies, ensure that the network works, and ensure that the PIX Firewall can support IPSec.

  • Task 2: Configure CA support—This task consists of several configuration steps that are required to enable the PIX Firewall to use a CA server.

  • Task 3: Configure Internet Key Exchange (IKE) parameters—This task consists of several configuration steps that ensure that IKE can set up secure channels to desired IPSec peers. Then IKE can set up IPSec SAs, enabling IPSec sessions.

  • Task 4: Configure IPSec parameters—This task consists of several configuration steps that specify IPSec SA parameters between peers and set global IPSec values.

  • Task 5: Test and verify VPN configuration—After you configure IPSec, you need to verify that you have configured it correctly and ensure that it works.
