Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 11: Using Gateway VPNs
Managing VPN Deployments
Life Time
Specify a numerical value and select a time unit for the maximum SA renegotiation interval. You can specify a minimum of 5 minutes and a maximum of 24 hours.

Life Packets
Specify the number of packets that can be transmitted over an IPsec SA before it expires. You can use any integer between 0 and 18446744073709551615.

Life Bytes
Specify the number of bytes that can be transmitted over an IPsec SA before it expires. You can use any integer between 0 and 18446744073709551615.

AH
Select the check box to specify that the system uses the authentication header security protocol for the data to be protected. Clear the check box to use encryption service payload (ESP) protocol. See  for guidance on when to use each protocol.

To configure advanced VPN deployment settings:
Access: Admin/Network Admin

Step 1  Select Devices > VPN.
The VPN page appears.

Step 2  Click Add.
The Create New VPN Deployment pop-up window appears.

Step 3  Click the Advanced tab.

Step 4  Configure the advanced settings, as described earlier in this section.

Step 5  Next to Algorithms, click the add icon.
The Add IKE Algorithm Proposal pop-up window appears.

Step 6  Select Cipher, Hash, and Diffie-Hellman (DH) group authentication messages for both phases.

Step 7  Click OK.
The IKE algorithm proposal is added.

Step 8  Click Save.
Your changes are saved and the VPN page appears.
Note that you must apply the deployment for it to take effect; see 
Applying a VPN Deployment
License: VPN
Supported Devices: Series 3
After configuring or making any changes to a VPN deployment, you must apply the deployment to one or more devices to implement the settings you designated for the deployment.