Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Configuring Connection Profiles (ASA, PIX 7.0+)
Field Reference
Table 30-7 Connection Profiles IPsec Tab
Element: Preshared Key (IKEv1 only.)
Description: The preshared key for the connection profile. The maximum length of a preshared key is 127 characters. Enter the key again in the Confirm field.
Tip: You cannot configure preshared keys for IKEv2 remote access VPNs.

Element: Trustpoint Name (IKEv1 only.)
Description: The name of the PKI enrollment policy object that defines the trustpoint name if any trustpoints are configured for IKEv1 connections. A trustpoint represents a Certificate Authority (CA)/identity pair and contains the identity of the CA, CA-specific configuration parameters, and an association with one enrolled identity certificate.
Click Select to select the object from a list or to create a new object.
Tips:
- If you specify a trustpoint, you must also select the same PKI enrollment object in the Public Key Infrastructure policy. For more information, see Configuring Public Key Infrastructure Policies for Remote Access VPNs, page 25-52.
- For IKEv2, you configure the trustpoint on the IKEv2 Settings tab of the Global Settings policy; see Configuring VPN Global IKEv2 Settings, page 25-34.

Element: IKE Peer ID Validation
Description: Select whether IKE peer ID validation is ignored (Do not check), required, or checked only if supported by a certificate. During IKE negotiations, peers must identify themselves to one another.

Element: Enable Sending Certificate Chain
Description: Whether to enable the sending of the certificate chain for authorization. A certificate chain includes the root CA certificate, identity certificate, and key pair.

Element: Enable Password Update with RADIUS Authentication
Description: Whether to enable passwords to be updated with the RADIUS authentication protocol. For more information, see Supported AAA Server Types, page 6-25.

Element: ISAKMP Keepalive
Description: Whether to monitor ISAKMP keepalive. If you select the Monitor Keepalive option, you can configure IKE keepalive as the default failover and routing mechanism. Enter the following parameters:
- Confidence Interval—The number of seconds that a device waits between sending IKE keepalive packets.
- Retry Interval—The number of seconds a device waits between attempts to establish an IKE connection with the remote peer. The default is 2 seconds.
For more information, see Configuring VPN Global ISAKMP/IPsec Settings, page 25-30.
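
The following is an added example, not part of the Cisco guide: a small Python audit that reads the connection-profile IPsec settings from a deployed ASA configuration and lists the ones worth a second look (preshared key with no trustpoint, peer ID validation set to Do not check, keepalive monitoring off). It assumes the ASA CLI forms of the fields in Table 30-7 (`tunnel-group <name> ipsec-attributes`, `ikev1 pre-shared-key`, `ikev1 trust-point`, `peer-id-validate`, `isakmp keepalive`); the sample configuration, profile names and trustpoint name are constructed.

```python
import re

# Constructed running-config excerpt (not from the guide); names are placeholders.
SAMPLE_CONFIG = """\
tunnel-group RA-PSK type remote-access
tunnel-group RA-PSK ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate nocheck
 isakmp keepalive disable
tunnel-group RA-CERT type remote-access
tunnel-group RA-CERT ipsec-attributes
 ikev1 trust-point EXAMPLE-TP
 peer-id-validate req
 chain
 isakmp keepalive threshold 20 retry 2
"""

def parse_ipsec_attributes(config):
    """Return {profile name: [sub-commands]} for each ipsec-attributes block."""
    profiles, current = {}, None
    for line in config.splitlines():
        m = re.match(r"tunnel-group (\S+) ipsec-attributes\s*$", line)
        if m:
            current = profiles.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())   # indented line belongs to the block
        else:
            current = None                 # any other top-level line ends it
    return profiles

def audit(config):
    """Return (profile, finding) pairs for settings a reviewer should confirm."""
    findings = []
    for name, cmds in parse_ipsec_attributes(config).items():
        has_psk = any(c.startswith("ikev1 pre-shared-key") for c in cmds)
        has_tp = any(c.startswith("ikev1 trust-point") for c in cmds)
        if has_psk and not has_tp:
            findings.append((name, "IKEv1 preshared key with no trustpoint"))
        if "peer-id-validate nocheck" in cmds:     # table value: Do not check
            findings.append((name, "IKE peer ID validation not checked"))
        if "isakmp keepalive disable" in cmds:     # Monitor Keepalive not selected
            findings.append((name, "ISAKMP keepalive monitoring disabled"))
    return findings

if __name__ == "__main__":
    for profile, finding in audit(SAMPLE_CONFIG):
        print(f"{profile}: {finding}")
```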