Cisco Systems ISA550 Universal Remote User Manual


 
VPN
Configuring Teleworker VPN Client
Cisco ISA500 Series Integrated Security Appliances Administration Guide 364
8
NOTE When the security appliance is acting as a Cisco VPN hardware client, the following
IKE policy and transform set are used by default. The IKE policy and transform set
used on the security appliance are unconfigurable.
This section describes how to configure the Teleworker VPN Client feature. Refer
to the following topics:
Required IPsec VPN Servers, page 364
Benefits of the Teleworker VPN Client Feature, page 365
Modes of Operation, page 365
General Teleworker VPN Client Settings, page 368
Configuring Teleworker VPN Client Group Policies, page 369
Required IPsec VPN Servers
The Teleworker VPN Client feature requires that the destination peer is an ISA500
device acting as the IPsec VPN server, or a Cisco IOS router (such as C871, C1801,
C1812, C1841, and C2821) or a Cisco ASA5500 platform that supports the IPsec
VPN server feature.
The Teleworker VPN Client feature supports configuration of only one destination
peer. If your application requires multiple VPN tunnels, you must manually
configure the VPN tunnel and Network Address Translation/Peer Address
Translation (NAT/PAT) parameters on both client and server.
Field Setting
IKE Policy Encryption = ESP_AES_256
Hash = SHA
Authentication = Pre-shared Key
D-H Group = Group 2
Transform Set Integrity = SHA
Encryption = ESP_AES_256