24-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Understanding IPsec Technologies and Policies
Related Topics
Creating or Editing VPN Topologies, page24-28
Understanding Devices Supported by Each IPsec Technology, page 24-9
Understanding and Configuring VPN Default Policies, page 24-12
Understanding VPN Topologies, page24-2
Chapter 25, “Configuring IKE and IPsec Policies”
Understanding Policies, page 5-1
Overview of Site-to-Site VPN Policies
You can access site-to-site VPN policies by selecting Manage > Site-To-Site VPNs, or by clicking the
Site-To-Site VPN Manager button on the toolbar, and then selecting the required policy in the Policies
selector of the Site-to-Site VPN window. You can also access site-to-site VPN policies from Device view
or Policy view. For more information, see Accessing Site-to-Site VPN Topologies and Policies,
page 24-17.
The following is a summary of all of the site-to-site VPN policies, some of which you cannot create as
shared policies. Note that some of these policies are documented in the sections that explain remote
access VPNs, because the policies are used for both remote access and site-to-site VPNs. However, you
must configure these policies separately for each type of VPN.
Client Connection Characteristics. See Configuring Client Connection Characteristics for Easy
VPN, page 27-7.
Connection Profiles. See Connection Profiles Page, page30-8.
Easy VPN IPsec Proposal. See Configuring an IPsec Proposal for Easy VPN, page 27-10.
GRE Modes. See Understanding the GRE Modes Page, page 26-1.
Group Encryption Policy. See Defining GET VPN Group Encryption, page 24-51.
Group Members. See Configuring GET VPN Group Members, page28-20.
IKE Proposal. See Configuring an IKE Proposal, page 25-9.
IKE Proposal for GET VPN. See Configuring the IKE Proposal for GET VPN, page 28-15.
IKEv2 Authentication. See Configuring IKEv2 Authentication in Site-to-Site VPNs, page25-62.
IPsec Proposal. See Configuring IPsec Proposals in Site-to-Site VPNs, page 25-21
Key Servers. See Configuring GET VPN Key Servers, page28-18.
Peers. See Defining the Endpoints and Protected Networks, page 24-33.
GET VPN
See Understanding Group Encrypted
Transport (GET) VPNs, page 28-2.
Group Encryption
IKE Proposal for GET
VPN
One of: IKEv1 Preshared
Key or IKEv1 Public
Key Infrastructure
Global Settings for GET
VPN
Table24-1 Site-to-Site VPN IPsec Technologies and Policies (Continued)
Technology Mandatory Policies Optional Policies