Chapter 11 Site-to-Site VPN
Edit Site-to-Site VPN
11-30
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12

To create a text file of the IPSec policy:

Click Save, and specify a name and location for the text file. You can give this text
file to the administrator of the peer device so that he or she can create a policy that
mirrors the one you created on the router. Click After Configuring a VPN, How
Do I Configure the VPN on the Peer Router? to learn how to use the text file to
create a mirror policy.

Caution: The text file that you generate must not be copied into the configuration file of the
remote system, but must be used only to show what has been configured on the
local router so that the remote device can be configured in a way that is
compatible. Identical names for IPSec policies, IKE policies, and transform sets
may be used on the remote router, but the policies and transform sets may be
different. If the text file is simply copied into the remote configuration file,
configuration errors are likely to result.

Cisco SDM Warning: NAT Rules with ACL

This window appears when you are configuring a VPN using interfaces with
associated NAT rules that use Access rules. This type of NAT rule can change IP
addresses in packets before the packets leave or enter the LAN, and a NAT rule
will prevent VPN connections from functioning properly if it changes source IP
addresses so that they don’t match the IPSec rule configured for the VPN. To
prevent this from happening, Cisco SDM can convert these to NAT rules that use
route maps. Route maps specify subnets that should not be translated.
The window shows the NAT rules that have to be changed to ensure the VPN
connection functions properly.
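
The conversion described above, shown as an IOS configuration sketch. This is an added example, not output captured from Cisco SDM: the subnets, interface name, ACL numbers, and the route-map name NONAT_RMAP are all assumptions chosen for illustration.

```cisco
! Constructed addressing (assumption): local LAN 10.1.1.0/24,
! remote LAN 10.2.2.0/24, outside interface FastEthernet0/0.
!
! IPSec rule: the traffic the VPN protects.
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! --- Before: NAT rule that uses an access rule ---
! ACL 1 matches every packet sourced from the LAN, including packets
! bound for the remote LAN. Their source address is translated, so
! they no longer match ACL 100 and are not sent through the VPN.
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
!
! --- After: NAT rule that uses a route map ---
! ACL 101 first denies (exempts from translation) LAN-to-remote-LAN
! traffic, then permits translation for everything else.
no ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 101 deny   ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
route-map NONAT_RMAP permit 10
 match ip address 101
ip nat inside source route-map NONAT_RMAP interface FastEthernet0/0 overload
```

After the change, `show ip nat translations` should list no entries for traffic between the two LANs, while Internet-bound traffic is still translated.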

Original Address

The IP address that NAT will translate.

Translated Address

The IP address that NAT will substitute for the original address.