The ASA Tunnels Layer

Tunneling makes it possible to use a public TCP/IP network, such as the Internet, to create secure connections between remote users and a private corporate network. Each secure connection is called a tunnel. The adaptive security appliance uses the ISAKMP and IPsec tunneling standards to build and manage tunnels. ISAKMP and IPsec accomplish the following:

• Negotiate tunnel parameters
• Establish tunnels
• Authenticate users and data
• Manage security keys
• Encrypt and decrypt data
• Manage data transfer across the tunnel
• Manage data transfer inbound and outbound as a tunnel endpoint or router

The adaptive security appliance functions as a bidirectional tunnel endpoint. It can receive plain packets from the private network, encapsulate them, create a tunnel, and send them to the other end of the tunnel where they are unencapsulated and sent to their final destination. It can also receive encapsulated packets from the public network, unencapsulate them, and send them to their final destination on the private network.

The tests mapped to this layer monitor the Ike global and secondary tunnels.