3D Innovations 3.0.1 appendix C-126, Configuring Cisco IOS Router Interfaces

Tunnel IP

Click one of the following radio buttons to specify the GRE or GRE

Dynamic IP tunnel interface IP address:

• Use Physical Interface—To use the private IP address of the

tunnel taken from the protected network.

• Use Subnet—To use the tunnel IP address taken from an IP

range. Then, in the Subnet field, enter the private IP address

including the unique subnet mask, for example 10.1.1.0/24. If

you are also configuring a dial backup interface, enter its subnet

in the Dial Backup Subnet field provided.

• Use Loopback Interface—To use the tunnel IP address taken

from an existing loopback interface. Then, in the Role field,

enter the interface, or select it from the list of interface roles

provided. For more information, see Interface Roles Page,

page C-126.

Note To view the newly created GRE tunnel and/or loopback

interfaces in the Router Interfaces page, you must

rediscover the device inventory details after successfully

deploying the VPN to the device. For more information, see

Configuring Cisco IOS Router Interfaces, page 12-2.

Tunnel Source IP Range

Available only if the assigned IPSec technology is

GRE Dynamic IP.

The private IP address including the unique subnet mask that

supports the loopback for GRE. The GRE tunnel interface has an IP

address (inside tunnel IP address) which is taken from a loopback

interface that Security Manager creates specifically for this purpose.

When a spoke has a dynamic IP address, there is no fixed GRE

tunnel source address (to be used by the GRE tunnel on the spoke

side) or destination address (to be used by the GRE tunnel on the

hub side). Therefore, Security Manager creates additional loopback

interfaces on the hub and the spoke to use as the GRE tunnel

endpoints. You must specify a subnet from which Security Manager

can allocate an IP address for the loopback interfaces.

User Guide for Cisco Security Manager 3.0.1

OL-8214-02

B-63