11-35
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter11 Site-to-Site VPN
How Do I...
Step4 Click Add.
Step5 Select Static crypto maps to <policy name>
Step6 In the Add static crypto maps window, you can add more crypto maps to the VPN
connection.
Step7 If you need to modify any of the components of the connection, such as the IPSec
policy or the existing crypto map, note the names of those components in the VPN
window, and go to the appropriate windows under VPN Components to make
changes.
How Do I Confirm That My VPN Is Working?
You can verify that your VPN connection is working by using the Monitor mode
in Cisco SDM. If your VPN connection is working, Monitor mode will display the
VPN connection by identifying the source and destination peer IP addresses.
Depending on whether your VPN connection is an IPSec tunnel or an Internet Key
Exchange (IKE) security association (SA), Monitor mode will display the number
of packets transferred across the connection, or show the current state of the
connection. To display the current information about a VPN connection:
Step1 From the toolbar, select Monitor Mode.
Step2 From the left frame, select VPN Status.
Step3 From the Select A Category field, select whether to view information for IPSec
tunnels or IKE SAs.
Each configured VPN connection will appear as a row on the screen.
If you are viewing IPSec tunnel information, you can verify the following
information to determine that your VPN connection is working:
The local and remote peer IP addresses are correct, indicating that the VPN
connection is between the correct sites and router interfaces.
The tunnel status is “up.” If the tunnel status is “down” or “administratively
down,” then the VPN connection is not active.
The number of encapsulation and decapsulation packets is not zero,
indicating that data has been transferred over the connection and that the sent
and received errors are not too high.