User's Manual
Table Of Contents
- Site-to-Site VPN User Interface Reference
- Site-to-Site VPN Manager Window
- Create VPN Wizard
- Site to Site VPN Policies
- VPN Topologies Device View Page
B-67
User Guide for Cisco Security Manager 3.0.1
OL-8214-02
Appendix B Site-to-Site VPN User Interface Reference
Site to Site VPN Policies
Failover Cost Available if you selected the OSPF or RIPv2 routing protocol.
The cost of sending a packet on the secondary (failover) route
interface. You can enter a value in the range 1-65535. The default is
125.
Allow Direct Spoke to Spoke
Connectivity
When selected, enables direct communication between spokes,
without going through the hub.
Note With direct spoke-to-spoke communication, you must use
the Main Mode Address option for preshared key
negotiation. For more information, see Understanding
Preshared Key Policies, page 9-74.
Filter Dynamic Updates On
Spokes
Unavailable if you are using On-Demand Routing or a static route
for your DMVPN tunnel.
When selected, enables the creation of a redistribution list that
filters all dynamic routing updates (EIGRP, OSPF, and RIPv2) on
spokes. This forces the spoke devices to advertise (populate on the
hub device) only their own protected subnets and not other IP
addresses.
Tunnel Parameters Tab
Tunnel IP Range The IP range of the inside tunnel interface IP address, including the
unique subnet mask.
Note If Security Manager detects that a tunnel interface IP
address already exists on the device, and its IP address
matches the tunnel’s IP subnet field, it will use that interface
as the GRE tunnel.
Dial Backup Tunnel IP Range If you are configuring a dial backup interface, enter its inside tunnel
interface IP address, including the unique subnet mask.
Table B-22 GRE Modes Page > DMVPN Policy (continued)
Element Description