Step 1-1 Identify IPSec Peers
An important part of defining a comprehensive IPSec policy
is to identify the IPSec peer pairs that must be configured. In the chapter
scenario, expanded in Figure 10-2, each remote site will connect only to
the Main Office router and, therefore, requires only simple configuration. The
Cisco router at the Main Office must be configured for peer communications with
each of the remote sites and telecommuter(s). Each peer must support IPSec.
Because many different types of peer devices exist, it’s important to identify
all potential peers and determine their VPN capabilities. Possible peer devices
could include, but aren’t limited to, the following:
- Cisco routers
- Cisco Secure PIX Firewalls
- Cisco Secure VPN 3000 Concentrators
- Cisco Secure VPN 3002 Hardware Client device
- Cisco Secure VPN Software Client
- Other vendor IPSec products that conform to IPSec standards
- CA servers
Figure 10-2: Chapter scenario network showing peer connections
It’s important to recognize that the IPSec features supported and the
default settings can vary between Cisco product families, as well as between
versions of the operating system (OS) in use. This matters most for the Main Office
router in the scenario because it must be able to establish common IKE and IPSec
policies with each remote device. This also demonstrates why many companies
limit the number of devices supported by defining standards for telecommuters or
branch offices.
The result of this analysis might be a table like the
following: