Appendix B Site-to-Site VPN User Interface Reference

Site to Site VPN Policies

Table B-21 GRE Modes Page > GRE or GRE Dynamic IP Policy (continued)

Element

Description

Tunnel Parameters Tab

 

Tunnel IP

Click one of the following radio buttons to specify the GRE or GRE

 

 

Dynamic IP tunnel interface IP address:

 

 

Use Physical Interface—To use the private IP address of the

 

 

tunnel taken from the protected network.

 

 

Use Subnet—To use the tunnel IP address taken from an IP

 

 

range. Then, in the Subnet field, enter the private IP address

 

 

including the unique subnet mask, for example 10.1.1.0/24. If

 

 

you are also configuring a dial backup interface, enter its subnet

 

 

in the Dial Backup Subnet field provided.

 

 

Use Loopback Interface—To use the tunnel IP address taken

 

 

from an existing loopback interface. Then, in the Role field,

 

 

enter the interface, or select it from the list of interface roles

 

 

provided. For more information, see Interface Roles Page,

 

 

page C-126.

 

 

Note To view the newly created GRE tunnel and/or loopback

 

 

interfaces in the Router Interfaces page, you must

 

 

rediscover the device inventory details after successfully

 

 

deploying the VPN to the device. For more information, see

 

 

Configuring Cisco IOS Router Interfaces, page 12-2.

 

 

 

 

Tunnel Source IP Range

Available only if the assigned IPSec technology is

 

 

GRE Dynamic IP.

 

 

The private IP address including the unique subnet mask that

 

 

supports the loopback for GRE. The GRE tunnel interface has an IP

 

 

address (inside tunnel IP address) which is taken from a loopback

 

 

interface that Security Manager creates specifically for this purpose.

 

 

When a spoke has a dynamic IP address, there is no fixed GRE

 

 

tunnel source address (to be used by the GRE tunnel on the spoke

 

 

side) or destination address (to be used by the GRE tunnel on the

 

 

hub side). Therefore, Security Manager creates additional loopback

 

 

interfaces on the hub and the spoke to use as the GRE tunnel

 

 

endpoints. You must specify a subnet from which Security Manager

 

 

can allocate an IP address for the loopback interfaces.

 

 

 

 

 

 

 

User Guide for Cisco Security Manager 3.0.1

 

 

 

 

 

 

OL-8214-02

 

 

B-63

 

 

 

Page 63
Image 63
3D Innovations 3.0.1 appendix C-126, Configuring Cisco IOS Router Interfaces