C-126, Routers | 3D Innovations 3.0.1 instruction

Appendix B Site-to-Site VPN User Interface Reference

			Create VPN Wizard
Table B-11		Edit Endpoints Dialog Box > VRF Aware IPSec Tab (continued)

	Element		Description

	Interface Towards Provider Edge		Available only when a 2-Box solution is selected.
			The VRF forwarding interface on the IPSec Aggregator towards the
			PE device.
			Note If the IPSec Aggregator (hub) is a Catalyst VPN service
			module, you must specify a VLAN.
			Interfaces and VLANs are predefined interface role objects. If
			required, you can click Select to open a dialog box that lists all
			available interfaces, and sets of interfaces defined by interface roles,
			in which you can make your selection, or create interface role
			objects. For more information, see Interface Roles Page,
			page C-126.

	Routing Protocol		Available only when a 2-Box solution is selected.
			Select the routing protocol to be used between the IPSec Aggregator
			and the PE.
			If the routing protocol used for the secured IGP differs from the
			routing protocol between the IPSec Aggregator and the PE, select
			the routing protocol to use for redistributing the routing to the
			secured IGP.
			The options are BGP, EIGRP, OSPF, RIPv2, or Static route.
			For information about protocols, see Chapter 12, “Managing
			Routers” .

	AS Number		Available only when a 2-Box solution is selected.
			Enter the number that will be used to identify the autonomous
			system (AS) area between the IPSec Aggregator and the PE.
			If the routing protocol used for the secured IGP differs from the
			routing protocol between the IPSec Aggregator and the PE, enter an
			AS number that will be used to identify the secured IGP into which
			the routing will be redistributed from the IPSec Aggregator and the
			PE. This is relevant only when GRE or DMVPN are applied.
			The AS number must be within the range 1-65535.

			User Guide for Cisco Security Manager 3.0.1
			User Guide for Cisco Security Manager 3.0.1
	OL-8214-02				B-31
	OL-8214-02				B-31

Image 31

3D Innovations 3.0.1 appendix C-126, Routers

Contents

Site-to-Site VPN User Interface Reference Working with VPN Topologies, Understanding VPN Topologies, B-3 and Peers Page, page B-7 VPN SummaryB-37 Configuring IPSec Proposals, Configuring High Availability in Your VPN Topology,Configuring VRF-Aware IPSec Settings, Configuring an IKE Proposal, B-53 Understanding IPSec Technologies and Policies,Topology. See IKE Proposal Page, page B-37 See IPSec Proposal Page, page B-39 High Availability Page, page B-34 See GRE Modes Page, page B-59IPSec Tab, page B-28 Managing VPN Devices in Device View, Peers Topology. See Device Selection Page, page B-10 Create VPN Wizard Name and Technology B-10 Device SelectionEditing a VPN Topology, Defining a Name and IPSec Technology, Navigation Path Page, page B-9 Endpoints See VPN Interface Tab, page B-17 See Edit Endpoints Dialog Box, page B-16 Tab, page B-24B-34 Edit Endpoints Dialog Box VPN Interface Tab Information, see Interface Roles Page, page C-126 Procedure for Configuring a Vpnsm or VPN SPA Blade, More information, see Interface Roles Page, page C-126 IP Address for IPSec Termination -To enter manually the IP Cisco IOS Routers, More information, see Configuring Dialer Interfaces on Box, page B-32 Defining VPN Services Module Vpnsm or VPN SPA Settings VPN SPA Blade, For more information, see Adding VPN SPA Slot Locations IP Address for IPSec Termination-To enter manually the IP Protected Networks Tab Table B-9 Edit Endpoints Dialog Box Protected Networks Tab Information, see Editing Network/Host Objects, More information, see Editing Access Control List ObjectsFwsm Tab More information, see Editing Interface Role Objects, Table B-10 Edit Endpoints Dialog Box Fwsm Tab For more information, see Interface Roles Page, page C-126 VRF Aware IPSec Tab Table B-11 Edit Endpoints Dialog Box VRF Aware IPSec Tab IPSec Two-Box Solution, Solution, Routers C-126 Summary page. See VPN Summary Page, page B-3 Dial Backup Settings Dialog Box Table B-12 Dial Backup Settings Dialog Box High Availability Table B-13 Create VPN wizard High Availability For more information, see Enabling Stateful Failover, Policy configured. See VPN Summary Page, page B-3 IKE Proposal Site to Site VPN Policies Understanding Preshared Key Policies, Site-to-Site VPN Policies in Policy View,More information, see IKE Proposal Dialog Box, page C-123 IKE, IPSec ProposalC-123 For more information, see About Crypto Maps, Shared Site-to-Site VPN Policies in Policy View, For more information, see About Transform Sets, IPSec Transform Sets Page, page C-130 To Use, Element Description ISAKMP/IPSec Settings Tab VPN Global Settings For more information, see About IKE Keepalive, Configuring VPN Global Settings, See Understanding IKE, Appendix B Site-to-Site VPN User Interface Reference VPN Global Settings Page, page B-44 Understanding NAT, NAT Settings Tab NAT, For more information, see About NAT Traversal, General Settings Tab For more information, see Understanding Fragmentation Select the required setting for the DF bit Preshared Key Table B-19 Preshared Key Element Description Negotiation Method Public Key Infrastructure C-140 Working with PKI Enrollment Objects,Attributes, GRE Modes FlexConfig see Working with FlexConfigs, Table B-21 GRE Modes Page GRE or GRE Dynamic IP Policy GRE?, OL-8214-02 Configuring Cisco IOS Router Interfaces, OL-8214-02 For more information, see Prerequisites for Successful Configuration of GRE, Element Description Preshared Key Policies, Interfaces, For more information, see Configuring Cisco IOS Router Easy VPN IPSec Proposal Understanding Easy VPN, For more information, see Understanding NAT, Group Objects, Device Access Policies,More information, see Working with AAA Server Group Objects Working with User Group Objects, User Group PolicyFor more information, see Editing User Group Objects, Tunnel Group Policy PIX 7.0/ASA Tunnel Group Policy General Tab For more information, see Working with ASA User Groups Client Address Assignment Network/Host Objects, Tunnel Group Policy IPSec Tab For more information, see Supported AAA Server Types Tunnel Group Policy Advanced Tab More information, see Working with Interface Role Objects Tunnel Group Policy PIX 7.0/ASA Tunnel Group Policy Client VPN Software Update Tab Client Connection Characteristics Table B-29 Easy VPN Remote Client Connection Characteristics Working with Site-to-Site VPN Policies, About Locking in Site-to-Site VPN Topologies, For more information, see About Editing a VPN Topology See Site to Site VPN Policies, page B-37For more information, see Deleting a VPN Topology, OL-8214-02 OL-8214-02