Chapter8 Site-to-Site VPN
Create Site to Site VPN
8-46
Cisco Router and Security Device Manager Version 2.2 Users Guide
OL-4015-08
All traffic from this source subnet that has a destination IP address on the
destination subnet will be protected.
Destination
Enter the address of the destination subnet, and specify t he mask for that subnet.
You can select a subnet mask from the list, or type in a custom mask. The subnet
number and mask must be entered in dotted decimal format, as shown in the
previous examples.
All traffic going to the hosts in this subnet will be protected.

Create/Select an access-list for IPSec traffic

Use this option if you need to specify multiple sources and destinations, and/or
specific types of traffic to encrypt. An IPSec rule can consist of multiple entries,
each specifying different traffic types and different sources and destinations.
Click the button next to the field, and specify an existing IPSec rule that defines
the traffic you want to encrypt, or create an IPSec rule to use for this VPN. If you
know the number of the IPSec rule, enter it in the box to the right. If you do not
know the number of the rule, click the ... button and browse for the rule. When
you select the rule, the number will appear in the box.
Note Because they can specify traffic type, and both source and destination, IPSec rules
are extended rules. If you enter the number or name of a standard rule, a Warning
message is displayed indicating that you have entered the name or number of a
standard rule.
Any packets that do not match the criteria in the IPSec rule are sent with no
encryption.
Summary of the Configuration
This window shows you the VPN or DMVPN configuration that you created. You
can review the configuration in this window and use the back button to make
changes if you want.