24-40
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Creating or Editing VPN Topologies
This action opens the Edit Endpoints dialog box. Select the VPN Interface tab if it is not already
selected.
Step 3 On the VPN Interface tab, configure the following options related to dial backup. If you are creating a
new VPN, you need to configure the other settings (such as VPN interface) as well. For detailed
reference information for these options, see Configuring VPN Interface Endpoint Settings, page24-35.
Enable Backup—Select this option.
Dialer Interface—Specify the physical interface through which the secondary route traffic will be
directed when the logical dialer interface is activated.
Primary Next Hop IP Address—If the selected IPsec technology is Regular IPsec, IPsec/GRE,
GRE Dynamic IP, or Easy VPN, enter the next hop IP address. If you do not enter the next hop IP
address, Security Manager configures a static route using the interface name.
Tracking IP Address—Specify the IP address of the destination device to which connectivity must
be maintained from the primary VPN interface connection. This is the device that is pinged through
the primary route to track connectivity. The backup connection is triggered if connectivity to this
device is lost.
If you do not specify an IP address, the primary hub VPN interface is used in a hub-and-spoke or
Easy VPN topology. In a point-to-point or full mesh VPN topology, the peer VPN interface is used.
Step 4 If the selected IPsec technology is Regular IPsec, IPsec/GRE, GRE Dynamic IP, or Easy VPN, click
Advanced to configure additional (optional) settings in the Dial Backup Settings dialog box. These
settings are explained in Dial Backup Settings Dialog Box, page 24-40. Click OK to sa ve your chang es.
Step 5 Click OK in the Edit Endpoints dialog box.
Dial Backup Settings Dialog Box
Use the Dial Backup Settings dialog box to define optional settings for configuring a dial backup policy
for your site-to-site VPN. These settings are available for Regular IPsec, IPsec/GRE, GRE Dynamic IP,
or Easy VPN technologies.
Mandatory settings for dial backup are configured in the VPN Interface tab on the Edit Endpoints dialog
box. See Configuring VPN Interface Endpoint Settings, page 24-35.
Note You must configure the dialer interface settings before dial backup can work properly. For more
information, see Dialer Interfaces on Cisco IOS Routers, page 59-27.
Navigation Path
To open the Dial Backup Settings dialog box, enable dial backup and click Advanced on the VPN
Interface tab of the Edit Endpoints dialog box. For information on opening the Edit Endpoints dialog
box, see Defining the Endpoints and Protected Networks, page 24-33.
Related Topics
Configuring Dial Backup, page 24-39
Understanding Easy VPN, page 27-1