
Configuring the Cisco PIX Firewall for CA Site-to-Site

Chapter Description

This sample chapter explains how to configure Cisco Secure PIX Firewall certificate authority (CA) support for Internet Protocol Security (IPSec). After presenting an overview of the configuration process, the chapter shows you each major step of the configuration, including support tasks, IKE, and IPSec.

Task 4: Configure IPSec

The next major task in configuring PIX Firewall IPSec is to configure the IPSec parameters that you previously determined. This section presents the steps used to configure IPSec parameters for IKE RSA signatures.


The following steps are identical to those for configuring preshared keys. Refer to Chapter 6 for the detailed explanation of each step.

The general tasks and commands used to configure IPSec encryption on the PIX Firewall are summarized as follows. Chapter 6 covers them in detail.

Step 1: Configure crypto access lists with the access-list command.

Step 2: Configure transform set suites with the crypto ipsec transform-set command.

Step 3: Configure crypto maps with the crypto map command.

Step 4: Configure global IPSec SA lifetimes with the crypto ipsec security-association lifetime command.

Step 5: Apply crypto maps to the terminating/originating interface with the crypto map map-name interface command.

Step 6: Verify IPSec configuration using the variety of available show commands.
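
The six steps as one PIX command sequence, added here as an illustration and not taken from the book. The access list number 101, the names pix6 and peer6, the peer address 192.0.2.2, and the 10.0.1.0 and 10.0.6.0 networks are constructed values, and the transform and lifetime shown are assumptions to be replaced with the parameters you determined earlier. Lines beginning with a colon are comments.

```text
: Step 1 - crypto access list: select traffic between the two protected networks
access-list 101 permit ip 10.0.1.0 255.255.255.0 10.0.6.0 255.255.255.0

: Step 2 - transform set: ESP with 3DES encryption and SHA-1 HMAC integrity
crypto ipsec transform-set pix6 esp-3des esp-sha-hmac

: Step 3 - crypto map entry tying the access list, peer and transform set together
: ipsec-isakmp means IKE negotiates the IPSec SAs for this entry
crypto map peer6 10 ipsec-isakmp
crypto map peer6 10 match address 101
crypto map peer6 10 set peer 192.0.2.2
crypto map peer6 10 set transform-set pix6

: Step 4 - global IPSec SA lifetime
crypto ipsec security-association lifetime seconds 28800

: Step 5 - apply the crypto map to the terminating/originating interface
crypto map peer6 interface outside

: Step 6 - verify each piece of the configuration, then the negotiated SAs
show access-list
show crypto ipsec transform-set
show crypto map
show crypto ipsec security-association lifetime
show crypto ipsec sa
```

The peer PIX needs the mirror-image access list and a matching transform set, otherwise the IPSec SA negotiation fails.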
