B-67
User Guide for CiscoSecurity Manager3.0.1
OL-8214-02
AppendixB Site-to-Site VPN User Interface Reference Site to Site VPN Policies
Failover Cost Available if you selected the OSPF or RIPv2 routing protocol.
The cost of sending a packet on the secondary (failover) route
interface. Youcan enter a value in the range 1-65535. The default is
125.
Allow Direct Spoke to Spoke
Connectivity When selected, enables direct communication between spokes,
without going through the hub.
Note With direct spoke-to-spoke communication, you must use
the Main Mode Address option for preshared key
negotiation. For more information, see Understanding
Preshared Key Policies, page 9-74.
Filter Dynamic Updates On
Spokes Unavailable if you are using On-Demand Routing or a static route
for your DMVPN tunnel.
When selected, enables the creation of a redistribution list that
filters all dynamic routing updates (EIGRP, OSPF, and RIPv2) on
spokes. This forces the spoke devices to advertise (populate on the
hub device) only their own protected subnets and not other IP
addresses.
Tunnel Parameters Tab
Tunnel IP Range The IPrange ofthe inside tunnelinterface IP address, including the
unique subnet mask.
Note If Security Manager detects that a tunnel interface IP
address already exists on the device, and its IP address
matchesthe tunnel’s IP subnet field, it will use that interface
as the GRE tunnel.
Dial Backup Tunnel IP Range If you are configuringa dialbackup interface,enter itsinside tunnel
interface IP address, including the unique subnet mask.
TableB-22 GRE Modes Page> DMVPN Policy (continued)
Element Description