C-126 | 3D Innovations 3.0.1 specs

Appendix B Site-to-Site VPN User Interface Reference

Site to Site VPN Policies

Table B-21 GRE Modes Page > GRE or GRE Dynamic IP Policy (continued)

Element

Description

Tunnel Parameters Tab

	Tunnel IP	Click one of the following radio buttons to specify the GRE or GRE
		Dynamic IP tunnel interface IP address:
		• Use Physical Interface—To use the private IP address of the
		tunnel taken from the protected network.
		• Use Subnet—To use the tunnel IP address taken from an IP
		range. Then, in the Subnet field, enter the private IP address
		including the unique subnet mask, for example 10.1.1.0/24. If
		you are also configuring a dial backup interface, enter its subnet
		in the Dial Backup Subnet field provided.
		• Use Loopback Interface—To use the tunnel IP address taken
		from an existing loopback interface. Then, in the Role field,
		enter the interface, or select it from the list of interface roles
		provided. For more information, see Interface Roles Page,
		page C-126.
		Note To view the newly created GRE tunnel and/or loopback
		interfaces in the Router Interfaces page, you must
		rediscover the device inventory details after successfully
		deploying the VPN to the device. For more information, see
		Configuring Cisco IOS Router Interfaces, page 12-2.

	Tunnel Source IP Range	Available only if the assigned IPSec technology is
		GRE Dynamic IP.
		The private IP address including the unique subnet mask that
		supports the loopback for GRE. The GRE tunnel interface has an IP
		address (inside tunnel IP address) which is taken from a loopback
		interface that Security Manager creates specifically for this purpose.
		When a spoke has a dynamic IP address, there is no fixed GRE
		tunnel source address (to be used by the GRE tunnel on the spoke
		side) or destination address (to be used by the GRE tunnel on the
		hub side). Therefore, Security Manager creates additional loopback
		interfaces on the hub and the spoke to use as the GRE tunnel
		endpoints. You must specify a subnet from which Security Manager
		can allocate an IP address for the loopback interfaces.

		User Guide for Cisco Security Manager 3.0.1

	OL-8214-02			B-63

Image 63

3D Innovations 3.0.1 appendix C-126, Configuring Cisco IOS Router Interfaces

Contents

Site-to-Site VPN User Interface Reference Working with VPN Topologies, Understanding VPN Topologies, VPN Summary B-3 and Peers Page, page B-7B-37 Configuring IPSec Proposals, Configuring High Availability in Your VPN Topology,Configuring VRF-Aware IPSec Settings, Configuring an IKE Proposal, B-53 Understanding IPSec Technologies and Policies,Topology. See IKE Proposal Page, page B-37 See IPSec Proposal Page, page B-39 See GRE Modes Page, page B-59 High Availability Page, page B-34IPSec Tab, page B-28 Managing VPN Devices in Device View, Peers Topology. See Device Selection Page, page B-10 Create VPN Wizard Name and Technology B-10 Device SelectionEditing a VPN Topology, Defining a Name and IPSec Technology, Navigation Path Page, page B-9 Endpoints See VPN Interface Tab, page B-17 Tab, page B-24 See Edit Endpoints Dialog Box, page B-16B-34 Edit Endpoints Dialog Box VPN Interface Tab Information, see Interface Roles Page, page C-126 Procedure for Configuring a Vpnsm or VPN SPA Blade, More information, see Interface Roles Page, page C-126 IP Address for IPSec Termination -To enter manually the IP Cisco IOS Routers, More information, see Configuring Dialer Interfaces on Box, page B-32 Defining VPN Services Module Vpnsm or VPN SPA Settings VPN SPA Blade, For more information, see Adding VPN SPA Slot Locations IP Address for IPSec Termination-To enter manually the IP Protected Networks Tab Table B-9 Edit Endpoints Dialog Box Protected Networks Tab Information, see Editing Network/Host Objects, More information, see Editing Access Control List ObjectsFwsm Tab More information, see Editing Interface Role Objects, Table B-10 Edit Endpoints Dialog Box Fwsm Tab For more information, see Interface Roles Page, page C-126 VRF Aware IPSec Tab Table B-11 Edit Endpoints Dialog Box VRF Aware IPSec Tab IPSec Two-Box Solution, Solution, Routers C-126 Summary page. See VPN Summary Page, page B-3 Dial Backup Settings Dialog Box Table B-12 Dial Backup Settings Dialog Box High Availability Table B-13 Create VPN wizard High Availability For more information, see Enabling Stateful Failover, Policy configured. See VPN Summary Page, page B-3 IKE Proposal Site to Site VPN Policies Site-to-Site VPN Policies in Policy View, Understanding Preshared Key Policies,More information, see IKE Proposal Dialog Box, page C-123 IPSec Proposal IKE,C-123 For more information, see About Crypto Maps, Shared Site-to-Site VPN Policies in Policy View, For more information, see About Transform Sets, IPSec Transform Sets Page, page C-130 To Use, Element Description ISAKMP/IPSec Settings Tab VPN Global Settings For more information, see About IKE Keepalive, Configuring VPN Global Settings, See Understanding IKE, Appendix B Site-to-Site VPN User Interface Reference VPN Global Settings Page, page B-44 Understanding NAT, NAT Settings Tab NAT, For more information, see About NAT Traversal, General Settings Tab For more information, see Understanding Fragmentation Select the required setting for the DF bit Preshared Key Table B-19 Preshared Key Element Description Negotiation Method Public Key Infrastructure Working with PKI Enrollment Objects, C-140Attributes, GRE Modes FlexConfig see Working with FlexConfigs, Table B-21 GRE Modes Page GRE or GRE Dynamic IP Policy GRE?, OL-8214-02 Configuring Cisco IOS Router Interfaces, OL-8214-02 For more information, see Prerequisites for Successful Configuration of GRE, Element Description Preshared Key Policies, Interfaces, For more information, see Configuring Cisco IOS Router Easy VPN IPSec Proposal Understanding Easy VPN, For more information, see Understanding NAT, Device Access Policies, Group Objects,More information, see Working with AAA Server Group Objects User Group Policy Working with User Group Objects,For more information, see Editing User Group Objects, Tunnel Group Policy PIX 7.0/ASA Tunnel Group Policy General Tab For more information, see Working with ASA User Groups Client Address Assignment Network/Host Objects, Tunnel Group Policy IPSec Tab For more information, see Supported AAA Server Types Tunnel Group Policy Advanced Tab More information, see Working with Interface Role Objects Tunnel Group Policy PIX 7.0/ASA Tunnel Group Policy Client VPN Software Update Tab Client Connection Characteristics Table B-29 Easy VPN Remote Client Connection Characteristics Working with Site-to-Site VPN Policies, About Locking in Site-to-Site VPN Topologies, See Site to Site VPN Policies, page B-37 For more information, see About Editing a VPN TopologyFor more information, see Deleting a VPN Topology, OL-8214-02 OL-8214-02