Cisco Systems ISA550 Manual De Usuario

Configuring a Site-to-Site VPN

Cisco ISA500 Series Integrated Security Appliances Administration Guide

341

 

To establish a site-to-site VPN tunnel, complete the following configuration tasks: 

•

Add the subnet IP address objects for your local network and remote 
network. See 

•

(Optional) Import the certificates for authentication between two peers. 
Skip this step if you want to use the pre-shared key for authentication. See 

.

•

Enable the site-to-site VPN feature on the security appliance. See 

•

Configure IKE policies. See 

.

•

Configure transform policies. See 

.

•

Configure IPsec VPN policies. See 

•

(Optional) Check an enabled IPsec VPN policy and click the Connect icon 
to initiate the VPN connection. 

When a site-to-site IPsec VPN policy is in place and enabled, a connection 
will be triggered by any traffic that matches the policy. In this case, the VPN 
tunnel will be set up automatically. However, for an IPsec VPN policy in which 
this router’s Remote Network is set to Any (a “site-to-any” tunnel), a 
connection cannot be set up automatically. Instead you must manually 
establish the VPN connection by clicking the Connect icon. 

•

View the status and statistic information for all IPsec VPN sessions. See 

. 

Click VPN > Site-to-Site > IPsec Policies.

The IPsec Policies window opens. All existing IPsec VPN policies are listed in the 
table. The following information is displayed:

•

Name: The name of the IPsec VPN policy.

•

Enable: Shows if the IPsec VPN policy is enabled or disabled.

•

Status: Shows if the IPsec VPN tunnel is connected or disconnected.