Configuring the Cisco ASA IPSec VPN

Article Description

The security of data that is being transmitted over a network is one of the key responsibilities of a security engineer/administrator. One of the ways that this data can be secured is by using IP Security (IPsec). IPsec can be configured on the Cisco Adaptive Security Appliance (ASA) to secure data going between LAN devices (LAN-to-LAN) and between a LAN device and an IPsec client (e.g., Windows, Linux, or Mac clients). Sean Wilkins goes over the high-level basics of how IPsec operates and how it can be configured on a Cisco ASA.
Phase 2 IKE IPSec Transform Sets (v1) and Proposals (v2)

As with the Phase 1 IKE SA, the ASA supports both IKE versions for securing the actual traffic, using IKEv1 IPsec transform sets or IKEv2 IPsec proposals. With IKEv1, the set of parameters the devices use to set up the Phase 2 IKE IPsec SA is referred to as an IKEv1 transform set and includes the following:

  • Encryption Method (esp-aes, esp-aes-192, esp-aes-256, esp-des, esp-3des or esp-null)
  • Authentication Method (esp-md5-hmac, esp-sha-hmac or esp-none)

With IKEv2, the set of parameters the devices use to set up the Phase 2 IKE IPsec SA is referred to as an IKEv2 proposal and includes the following:

  • Encryption Method (des, 3des, aes, aes-192, aes-256 or null)
  • Authentication Method (md5, sha-1 or null)
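
Not every keyword in the two lists above gives the same protection. The following audit script is an added example, not part of the original article: it scans an ASA configuration for Phase 2 transform sets and proposals and reports the legacy or null algorithms. The weak-algorithm classification, the function name `audit` and the sample configuration are assumptions made for the example.

```python
import re

# Example's own classification of the keywords listed above: DES, 3DES and MD5
# are legacy algorithms; null/none turn off encryption or authentication.
WEAK_V1 = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "esp-none"}
WEAK_V2 = {"des", "3des", "null", "md5"}

V1_RE = re.compile(r"^crypto ipsec ikev1 transform-set (\S+) (.+)$")
V2_RE = re.compile(r"^crypto ipsec ikev2 ipsec-proposal (\S+)$")
V2_ALG_RE = re.compile(r"^\s+protocol esp (?:encryption|integrity) (.+)$")


def audit(config: str):
    """Return sorted (ike_version, name, weak_keyword) findings."""
    findings = set()
    proposal = None  # name of the IKEv2 proposal block we are inside, if any
    for line in config.splitlines():
        line = line.rstrip()
        if m := V1_RE.match(line):
            proposal = None
            name, algs = m.group(1), m.group(2).split()
            findings.update(("ikev1", name, a) for a in algs if a in WEAK_V1)
        elif m := V2_RE.match(line):
            proposal = m.group(1)
        elif proposal and (m := V2_ALG_RE.match(line)):
            algs = m.group(1).split()  # a proposal line may list several
            findings.update(("ikev2", proposal, a) for a in algs if a in WEAK_V2)
        elif not line.startswith(" "):
            proposal = None  # any other top-level command ends the block
    return sorted(findings)


# Constructed sample configuration (names are made up for the example).
SAMPLE = """\
crypto ipsec ikev1 transform-set LEGACY esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set STRONG esp-aes-256 esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal MIXED
 protocol esp encryption aes-256 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal STRONG2
 protocol esp encryption aes-256
 protocol esp integrity sha-1
"""

if __name__ == "__main__":
    for version, name, alg in audit(SAMPLE):
        print(f"{version} {name}: weak algorithm {alg}")
```

An IKEv2 proposal can list several algorithms on one line, so a single legacy keyword next to a strong one is still reported: the peer may negotiate it.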