Cisco SA540 Security Appliance Technical References
© 2010 Cisco Systems, Inc. All rights reserved.
Configuring a Cisco SA 500 to Accept a VPN Connection from a Shrew Soft VPN Client
Application Note
Step 4. From the Select VPN Type drop-down menu, select Remote Access.
Step 5. In the Connection Name and Remote IP Type area, enter this information:
– VPN Connection Name: Enter a name to help you identify the VPN that you are setting up. For example: MyVPNClient.
– Preshared Key: Enter the preshared key for the VPN Clients. For example: 1234567890. The preshared key must be between 8 and 49 characters long and must be entered exactly the same on this page and on the client.
– Local WAN Interface: From the drop-down menu, select Dedicated WAN.
Step 6. In the Remote & Local WAN Addresses area, enter this information:
– Remote Gateway Type: From the drop-down menu, select FQDN. We recommend that you do not select IP address as the gateway type when configuring IPSec clients. This option only allows a single user from that IP address to connect to the network at once.
– Remote WAN’s IP Address/FQDN: Enter a domain name. For example: remote.com. This is an identifier that IPSec uses to verify the identity of the other IPSec device. For this configuration, the identifier is the IPSec client.
– Local Gateway Type: From the drop-down menu, select FQDN or IP Address. If you select IP Address, you must configure a static IP address on the SA 500 Dedicated WAN interface.
– Local WAN’s IP Address/FQDN: Enter a domain name. For example: local.com. This is an identifier that IPSec uses to verify this IPSec device. If you selected IP Address as the gateway type, you must also enter the WAN IP Address of the Dedicated WAN.
NOTE
The domain names that you specify for the Remote and Local WAN IP Address are the same
.
Step 7. Click Apply to save your changes. A VPN policy and IKE policy are created.
Changing the IKE Policy
NOTE
The name of the IKE policy that you are changing must match the Connection Name that you
entered on the VPN Wizard page. For example: MyVPNClient.
Follow these steps to change the IKE policy:
Step 1. Select VPN Policies in the navigation tree.
Step 2. Select the newly created policy from the VPN policies table and click Disable.
Step 3. Select IKE Policies in the navigation tree.
Step 4. Select the newly created policy from the IKE policies table and click the Edit button.