Contents
User Guide for Cisco Security Manager 4.4
OL-28826-01
Understanding and Configuring VPN Default Policies 24-12
Using Device Overrides to Customize VPN Policies 24-13
Understanding VRF-Aware IPsec 24-14
VRF-Aware IPsec One-Box Solution 24-14
VRF-Aware IPsec Two-Box Solution 24-15
Enabling and Disabling VRF on Catalyst Switches and 7600 Devices 24-17
Accessing Site-to-Site VPN Topologies and Policies 24-17
Site-to-Site VPN Manager Window 24-18
Configuring VPN Topologies in Device View 24-19
Site-To-Site VPN Discovery 24-19
Supported and Unsupported Technologies and Topologies for VPN Discovery 24-20
Prerequisites for VPN Discovery 24-21
VPN Discovery Rules 24-21
Discovering Site-to-Site VPNs 24-24
Defining or Repairing Discovered VPNs with Multiple Spoke Definitions 24-25
Rediscovering Site-to-Site VPNs 24-26
Creating or Editing VPN Topologies 24-28
Defining the Name and IPsec Technology of a VPN Topology 24-30
Selecting Devices for Your VPN Topology 24-32
Defining the Endpoints and Protected Networks 24-33
Configuring VPN Interface Endpoint Settings 24-35
Configuring Dial Backup 24-39
Dial Backup Settings Dialog Box 24-40
Configuring VPNSM or VPN SPA/VSPA Endpoint Settings 24-41
Identifying the Protected Networks for Endpoints 24-45
Configuring a Firewall Services Module (FWSM) Interface with VPNSM or VPNSPA/VSPA 24-45
Configuring VRF Aware IPsec Settings 24-46
Configuring High Availability in Your VPN Topology 24-49
Defining GET VPN Group Encryption 24-51
Add Certificate Filter Dialog Box 24-54
Add New or Edit Security Association Dialog Box 24-55
Defining GET VPN Peers 24-57
Assigning Initial Policies (Defaults) to a New VPN Topology 24-58
Viewing a Summary of a VPN Topology’s Configuration 24-59
Creating or Editing Extranet VPNs 24-63
Deleting a VPN Topology 24-67