Cisco Systems OL-5532-02 Manual De Usuario

The encryption policy defines the security parameters for protecting data traveling through the VPN 
tunnels. It consists of one or more IKE proposals, one or more IPsec proposals, and global attributes. For 
example, the IKE proposal portion of the encryption policy could consist of selecting the 3DES, SHA, 
certificates, and Diffie-Hellman Group 2 options, and the IPsec proposal portion of the encryption policy 
could consist of selecting the ESP-AES, ESP-SHA, no authentication header (AH), no compression, and 
no PFS options.

You must have an encryption policy for your remote access policy. However, the same encryption policy 
defined for a site-to-site VPN policy may also be used for a remote access policy. So, if you have already 
created an encryption policy in ISC that you would like to use, proceed to the 

. Otherwise, follow the instructions in 

 and create an encryption policy before continuing.

The remote access VPN policy defines the characteristics of the IPsec tunnel between the customer site 
and the remote user. Its attributes include the VPN group name and password, IP address pools, and split 
tunneling subnets. Additionally, the policy defines what VPN features are enabled and which are not. 
For example, the policy enables (or disables) reverse route injection and NAT transparency.