Configuring the Cisco PIX Firewall for CA Site-to-Site
Configure CA Support Tasks
This chapter covers how to configure the PIX Firewall to work with a CA. It does not cover the configuration of the CA server, only how the Cisco products interact with one. The lab provides you with the opportunity to configure components in a way that mimics a real network. This section presents an overview of the major tasks you will have to perform to configure a PIX Firewall for CA support.
The general tasks used to configure IPSec encryption on the PIX Firewall can be summarized in five major tasks, outlined after this paragraph. Subsequent sections of this chapter discuss the CA configuration tasks and steps in detail. Tasks and steps that are identical to those for preshared keys are not covered in detail. Refer to Chapter 6, "Configuring the Cisco PIX Firewall for Preshared Keys Site-to-Site," for the detailed explanation of these steps.
Task 1: Prepare for IPSec. This task consists of several steps to identify CA server details, determine IPSec policies, ensure that the network works, and ensure that the PIX Firewall can support IPSec.
Task 2: Configure CA support. This task consists of several configuration steps that are required to enable the PIX Firewall to use a CA server.
Task 3: Configure Internet Key Exchange (IKE) parameters. This task consists of several configuration steps that ensure that IKE can set up secure channels to desired IPSec peers. Then IKE can set up IPSec SAs, enabling IPSec sessions.
Task 4: Configure IPSec parameters. This task consists of several configuration steps that specify IPSec SA parameters between peers and set global IPSec values.
Task 5: Test and verify VPN configuration. After you configure IPSec, you need to verify that you have configured it correctly and ensure that it works.