Cisco Cisco FirePOWER Appliance 8250
11-14
FireSIGHT System User Guide
Chapter 11 Using Gateway VPNs
Managing VPN Deployments
Life Time
Specify a numerical value and select a time unit for the maximum SA renegotiation interval. You
can specify a minimum of 5 minutes and a maximum of 24 hours.
Life Packets
Specify the number of packets that can be transmitted over an IPsec SA before it expires. You can
use any integer between 0 and 18446744073709551615.
Life Bytes
Specify the number of bytes that can be transmitted over an IPsec SA before it expires. You can use
any integer between 0 and 18446744073709551615.
AH
Select the check box to specify that the system uses the Authentication Header (AH) security protocol for
the data to be protected. Clear the check box to use the Encapsulating Security Payload (ESP) protocol. See
for guidance on when to use each protocol.
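Added example (not part of the Cisco guide or product): the Python below checks proposed Life Time, Life Packets and Life Bytes values against the ranges documented above and estimates which limit a steady traffic flow reaches first. The function names are hypothetical, and the code assumes that the SA expires at the earliest limit reached and that 0 means no limit; the guide states neither.

```python
# Added example: function names are hypothetical, not a Cisco API.
UINT64_MAX = 18446744073709551615           # documented upper bound for Life Packets / Life Bytes
UNIT_SECONDS = {"minutes": 60, "hours": 3600}
MIN_LIFE_S, MAX_LIFE_S = 5 * 60, 24 * 3600  # documented Life Time range

def validate(life_value, life_unit, life_packets, life_bytes):
    """Return a list of range violations for the three SA lifetime fields."""
    errors = []
    if life_unit not in UNIT_SECONDS:
        errors.append(f"unknown time unit: {life_unit!r}")
    else:
        seconds = life_value * UNIT_SECONDS[life_unit]
        if not MIN_LIFE_S <= seconds <= MAX_LIFE_S:
            errors.append("Life Time must be between 5 minutes and 24 hours")
    for name, value in (("Life Packets", life_packets), ("Life Bytes", life_bytes)):
        if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= UINT64_MAX:
            errors.append(f"{name} must be an integer between 0 and {UINT64_MAX}")
    return errors

def first_expiry(life_value, life_unit, life_packets, life_bytes, bytes_per_s, avg_packet_bytes):
    """Return (limit_name, seconds) for the limit a steady flow reaches first.

    Assumptions: the SA expires at the earliest limit, 0 means "no limit",
    and bytes_per_s and avg_packet_bytes are positive.
    """
    errors = validate(life_value, life_unit, life_packets, life_bytes)
    if errors:
        raise ValueError("; ".join(errors))
    candidates = {"Life Time": float(life_value * UNIT_SECONDS[life_unit])}
    if life_bytes:
        candidates["Life Bytes"] = life_bytes / bytes_per_s
    if life_packets:
        candidates["Life Packets"] = life_packets / (bytes_per_s / avg_packet_bytes)
    name = min(candidates, key=candidates.get)
    return name, candidates[name]

if __name__ == "__main__":
    # Constructed sample: 1 hour, 4 GiB byte limit, no packet limit,
    # 100 Mbit/s (12,500,000 bytes/s) of 1400-byte packets.
    print(first_expiry(1, "hours", 0, 4 * 2**30, 12_500_000, 1400))
```

With the constructed sample, the byte limit is reached after roughly 344 seconds, long before the one-hour Life Time.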
To configure advanced VPN deployment settings:
Access: Admin/Network Admin
Step 1  Select Devices > VPN.
The VPN page appears.
Step 2  Click Add.
The Create New VPN Deployment pop-up window appears.
Step 3  Click the Advanced tab.
Step 4  Configure the advanced settings, as described earlier in this section.
Step 5  Next to Algorithms, click the add icon.
The Add IKE Algorithm Proposal pop-up window appears.
Step 6  Select Cipher, Hash, and Diffie-Hellman (DH) group authentication messages for both phases.
Step 7  Click OK.
The IKE algorithm proposal is added.
Step 8  Click Save.
Your changes are saved and the VPN page appears.
Note that you must apply the deployment for it to take effect; see
Applying a VPN Deployment
License: VPN
Supported Devices: Series 3
After configuring or making any changes to a VPN deployment, you must apply the deployment to one
or more devices to implement the settings you designated for the deployment.