Index
Numerics
7.0 - 7.1 feature map, VPN 3000 to security appliance 15
7.2 feature map, VPN 3000 to security appliance 26
A
AAA
attributes that are not available in external groups for ASA 22
comparing VPN 3000 with ASA 22
fallback mechanism 22
tunnel groups and group policies on ASA 22
AAA server groups, adding AAA hosts 111
accounting
management traffic, VPN 3000 vs. ASA 22
RADIUS, comparing VPN 3000 with ASA 22
ACL manager 104
ACLs
adding 103
bypassing
LAN-to-LAN IPSec traffic 74, 86
comparing VPN 3000 with ASA 25
configuring for LAN-to-LAN 70
downloadable 18
Active/Standby Stateful Failover, WebVPN 20
adaptive security appliance, overview 31
Advanced Inspection and Prevention Security Services Module (AIPSSM) 17
AES 66
Aggressive Mode 17
AIP SSM 17
Are You There (AYT) firewall policy 97, 102
ASA system, overview 31
attribute-value pairs (AVP) 35
authentication, certificate 60
B
bandwidth reservation, comparing VPN 3000 with ASA 24
C
Central Protection Policy (CPP) 97, 102
certificate enrollment
authenticating to the CA 60
generating key pairs 56
summary of steps 56
trustpoint configuration 58
certificate management in ASDM 62
Certificate Revocation Checking 27
CIFS, WebVPN 20
Citrix support, WebVPN 20
CLI 17
client firewall 101
Are You There (AYT) policy 97, 102
Central Protection Policy (CPP) 97, 102
configuring 97
allowing HTTP traffic 105
default 97
rules for firewall filters 97
group policy 99
local 97
policies 101
Compression, WebVPN and SSL VPN 20
configuring
AAA hosts 111
ACLs 70, 103
address management method 45
address pools 108
administrator password 45
authentication 45
client firewall 97
crypto map, IPSec LAN-to-LAN tunnel 72
default client firewall 97
dynamic crypto map, remote-access tunnel 84
extended access list rule 103
external authentication 113
external server 108
external server group 109
group policy, client firewall 99
interfaces
IPSec LAN-to-LAN tunnel 64, 68
remote-access tunnel 76, 79
internal server user database 45
IP interfaces 44
IPSec group 45
IPSec LAN-to-LAN tunnel 63
ISAKMP policy
IPSec LAN-to-LAN tunnel 65
remote-access tunnel 77
load balancing 115
network list 89
QoS 119
RADIUS 108
split tunneling 89
system information 44
transform set, remote-access tunnel 81
tunnel group
IPSec LAN-to-LAN tunnel 71
remote-access tunnel 82
split tunneling 94
tunneling protocols and options 44
user access, remote-access tunnel 80
configuring users 17
connection timeout, TCP 19
CRLs 27
crypto map
applying to interfaces 74
configuring for LAN-to-LAN 72
D
data integrity, Phase 2, default setting 16
dbgtrace logging levels, security appliance 18
DDNS 28
default
DefaultL2Lgroup 32
DefaultRAgroup 32
DfltGrpPolicy 36
group policy 36
default group policy 35
default tunnel group 32
Denial of Service (DoS) attack 17
DES, IKE policy keywords (table) 66
Diffie-Hellman, groups supported 66
documentation
additional vii
cautions ix
notes ix
DoS attack 17
DSA key 19
dynamic crypto map
configuring for remote access 84
dynamic DNS 28
E
encryption algorithm, default 16
enrolling for certificate
authenticating to the CA 60
generating key pairs 56
summary of steps 55
trustpoint configuration 58
enrolling for identity certificate 61
extended access list rule 103
external authentication, configuring for tunnel group 113
external server
configuring 108
protocols supported 110
external server group, configuring 109
F
fallback, VPN 3000 vs. ASA 22
feature map
VPN 3000 to Version 7.2 security appliance 26
VPN 3000 to Versions 7.0 and 7.1 security appliance 15
filters
comparing VPN 3000 with ASA 25
VPN 3000 18
firewall
client 97
unlocking, comparing VPN 3000 with ASA 25
firewall policy 101
firewall types 101
G
general attributes, tunnel group 33
general tunnel-group connection parameters 33
Graphical User Interface 17
Group 5, Diffie-Hellman 66
group lock
comparing VPN 3000 with ASA 23
group policy
client firewall 99
configuring 36
default 36
definition 35
split tunneling 92
group policy, default 35
H
HTTP traffic 105
hub-and-spoke configuration 17
hybrid server group, support on VPN 3000 vs. ASA 22
I
identity certificate, enrolling 61
IKE
negotiation 16
Phase 2 16
Phase 2 Data Integrity, enabling 29
policy keywords 65
IKE keepalive setting
tunnel group 34
inspection, packet 17
interfaces
configuring for LAN-to-LAN 64
configuring for remote access 76, 79
IP address pool, configuring 108
IPSec
comparing VPN 3000 with ASA 23
LAN-to-LAN, permitting 74, 86
tunnel mode 68
IPSec LAN-to-LAN tunnel
configuring ACLs 70
configuring crypto map 72
configuring interfaces 64, 68
configuring ISAKMP Policy 65
configuring tunnel group 71
IPSec parameters, tunnel group 34
ISAKMP
configuring 65, 77
enabling Phase 2 data integrity 29
ISAKMP keepalive setting
tunnel groups 34
K
Keep Cisco SSL VPN Client feature, renamed 21
Keep Installer on Client System feature, ASA 21
key length, RSA 19
key pairs, generating 56
L
L2TP, L2TP over IPSec, and PPTP 26
LAN-to-LAN tunnel, configuring 63
license, comparing VPN 3000 with ASA 21
load balancing
comparing VPN 3000 with ASA 23
configuring 115
logging, event, VPN 3000 18
low-latency queueing (LLQ), comparing VPN 3000 with ASA 24
low memory, action 16
M
management traffic accounting, VPN 3000 vs. ASA 22
managing certificates in ASDM 62
MD5 66
memory red condition 16
minimum bandwidth guarantee, comparing VPN 3000 with ASA 24
modes, comparing VPN 3000 with ASA 23
N
navigation map for ASDM 125
Network Admission Control 27
WebVPN 20
network list, configuring 89
network mask 18
nice reboot 16
O
object group, comparing VPN 3000 with ASA 23
OCSP 27
Online Certificate Status Protocol (OCSP) 27
P
packet inspection 17
PDA support, WebVPN 20
permitting IPSec traffic
LAN-to-LAN 74, 86
Phase 2 data integrity
default setting 16
enabling 16, 29
PKI
certificate 19
implementation on ASA 41
new CLI commands 41
policing, comparing VPN 3000 with ASA 24
protocols, external servers 110
Q
Quality of Service (QoS)
comparing VPN 3000 with ASA 24
configuring 119
Quick Configuration program, VPN 3000 43
R
RADIUS accounting, VPN 3000 vs. ASA 22
RADIUS server, configuring 108
reboot, nice 16
related documentation viii
remote-access tunnel
configuring 75
configuring dynamic crypto map 84
configuring interfaces 76, 79
configuring ISAKMP policy 77
configuring transform set 81
configuring tunnel group 82
configuring user access 80
RIPv2 28
RSA key length 19
S
service policy rule wizard 119
session timeout, TCP 19
SHA, IKE policy keywords (table) 66
Single Sign-on, WebVPN 20
Split DNS 96
split tunneling
configuring 89
firewalls 97
group policy 92
tunnel group 94
SSL VPN Client, comparing VPN 3000 with ASA 21
syslog levels, security appliance 18
T
TCP connection timeout 19
timeout, TCP connection 19
transform set, configuring for remote access 81
Triple DES, IKE policy keyword (table) 66
trustpoint 19, 58
tunnel group
configuring for LAN-to-LAN 71
configuring for remote access 82
default 32
definition 32
external authentication 113
IPSec parameters 34
tunnel-group
general attributes 33
webvpn attributes 35
U
user
configuring 38
configuring specific 38
users
adding for remote access 80
configuring 17
V
VPN 3000 features in ASA 31
VPN client
configuring a client firewall to allow HTTP traffic 105
firewall options 97
firewall policy 102
stateful firewall 101
VPN Wizard 46
W
WebVPN
comparing VPN 3000 with ASA 20
webvpn attributes, tunnel-group 35
WebVPN tunnel-group connection parameters 35
wildcard mask 18
wizards
service policy rule 119
VPN 46
Z
Zone Labs Integrity Server 28