Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
24-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Understanding IPsec Technologies and Policies
Related Topics
Creating or Editing VPN Topologies, page 24-28
Understanding Mandatory and Optional Policies for Site-to-Site VPNs, page 24-6
Including Unmanaged or Non-Cisco Devices in a VPN, page 24-11
Understanding and Configuring VPN Default Policies, page 24-12
Understanding VPN Topologies, page 24-2
Chapter 25, “Configuring IKE and IPsec Policies”
Understanding Policies, page 5-1
Dynamic Multipoint VPN (DMVPN),
Large Scale DMVPN.
See Dynamic Multipoint VPNs
(DMVPN), page 26-9 and Configuring
Large Scale DMVPNs, page 26-16.
DMVPN configuration is supported on Cisco IOS 12.3T
devices and later, and on ASRs running Cisco IOS XE
Software 2.x or later (known as 12.2(33)XNA+ in Security
Manager). Large Scale DMVPN configuration also supports
Catalyst 6500/7600 devices as IPsec Terminators.
To use DMVPN phase 3 connections between spokes,
devices must run IOS Software release 12.4(6)T or higher;
ASRs must run IOS XE Software release 2.4 (called
12.2(33)XND) or higher.
Easy VPN.
See Chapter 27, “Easy VPN”.
The Easy VPN Server can be a Cisco IOS security router
(including ASRs), a Catalyst 6500/7600 (with supported
VPN service modules or port adapters), a PIX Firewall, or an
ASA 5500 series device.
The Easy VPN client is supported on PIX 501, 506, 506E
Firewalls running PIX 6.3, Cisco 800-3900 Series routers,
and ASA 5505 devices running OS version 7.2 or later.
GET VPN.
See Chapter 28, “Group Encrypted
Transport (GET) VPNs”.
Key servers can be configured on:
Cisco 1800, 2800, 3800 Series ISR, Cisco 7200 Series
Routers, and Cisco 7301 Routers running Cisco IOS
Software release 12.4(15)T or later.
Cisco 1900, 2900, 3900 Series ISR running release 15.0
or later.
Group members can be configured on Cisco 1800, 1900,
2800, 2900, 3800, 3900 Series ISR, Cisco 7200 Series
Routers, and Cisco 7301 Routers with the same minimum
software releases. The Cisco 871 ISR can also be used as a
group member if GET VPN is deployed with very few (1-3)
IPSec SAs. In addition, you can configure Cisco ASR
Routers using Cisco IOS XE Software Release 2.3
(12.2(33)XNC) and above as group members.
Table 24-2 Devices Supported by Each IPsec Technology (Continued)
Technology Supported Platforms