The rest of this module discusses the configuration of an IPSec-based VPN
between two PIX Security Appliances operating as secure gateways using
pre-shared keys for authentication. The four overall tasks used to configure
IPSec encryption on the PIX are summarized below. Subsequent topics of this
lesson discuss each configuration task in greater detail. The following are the
four tasks
:
-
Task 1 – Prepare to configure VPN support. This task consists of
several steps that determine IPSec policies, ensure that the network works, and
ensure that the PIX Security Appliance can support IPSec.
-
Task 2 – Configure IKE parameters. This task consists of several
configuration steps that ensure that IKE can set up secure channels to desired
IPSec peers during IKE Phase 1.
-
Task 3 – Configure IPSec parameters. This task consists of several
configuration steps that specify IPSec SA parameters between peers, and set
global IPSec values. IKE negotiates SA parameters and sets up IPSec SAs during
IKE Phase 2.
-
Task 4 – Test and verify VPN configuration. After IPSec is
configured, it is necessary to verify that it has been configured correctly and
ensure that it works.