User's Manual
Table Of Contents
- Site-to-Site VPN User Interface Reference
- Site-to-Site VPN Manager Window
- Create VPN Wizard
- Site to Site VPN Policies
- VPN Topologies Device View Page
B-63
User Guide for Cisco Security Manager 3.0.1
OL-8214-02
Appendix B Site-to-Site VPN User Interface Reference
Site to Site VPN Policies
Tunnel Parameters Tab
Tunnel IP Click one of the following radio buttons to specify the GRE or GRE
Dynamic IP tunnel interface IP address:
• Use Physical Interface—To use the private IP address of the
tunnel taken from the protected network.
• Use Subnet—To use the tunnel IP address taken from an IP
range. Then, in the Subnet field, enter the private IP address
including the unique subnet mask, for example 10.1.1.0/24. If
you are also configuring a dial backup interface, enter its subnet
in the Dial Backup Subnet field provided.
• Use Loopback Interface—To use the tunnel IP address taken
from an existing loopback interface. Then, in the Role field,
enter the interface, or select it from the list of interface roles
provided. For more information, see Interface Roles Page,
page C-126.
Note To view the newly created GRE tunnel and/or loopback
interfaces in the Router Interfaces page, you must
rediscover the device inventory details after successfully
deploying the VPN to the device. For more information, see
Configuring Cisco IOS Router Interfaces, page 12-2.
Tunnel Source IP Range Available only if the assigned IPSec technology is
GRE Dynamic IP.
The private IP address including the unique subnet mask that
supports the loopback for GRE. The GRE tunnel interface has an IP
address (inside tunnel IP address) which is taken from a loopback
interface that Security Manager creates specifically for this purpose.
When a spoke has a dynamic IP address, there is no fixed GRE
tunnel source address (to be used by the GRE tunnel on the spoke
side) or destination address (to be used by the GRE tunnel on the
hub side). Therefore, Security Manager creates additional loopback
interfaces on the hub and the spoke to use as the GRE tunnel
endpoints. You must specify a subnet from which Security Manager
can allocate an IP address for the loopback interfaces.
Table B-21 GRE Modes Page > GRE or GRE Dynamic IP Policy (continued)
Element Description