Cisco Systems CL-28826-01 Security Camera User Manual


24-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Understanding IPsec Technologies and Policies
Including Unmanaged or Non-Cisco Devices in a VPN
Your VPN might include devices that you cannot, or should not, manage in Security Manager. These include:

• Cisco devices that Security Manager supports, but for which your organization is not responsible. For example, you might have a VPN that includes spokes in networks managed by other organizations within your company, or a connection to a service provider or partner network.
• Non-Cisco devices. You cannot use Security Manager to create and deploy configurations to non-Cisco devices.

You have two options for handling these kinds of devices:

• If the connection is a regular IPsec point-to-point connection, you can configure the connection as an Extranet VPN as described in Creating or Editing Extranet VPNs, page 24-63.
• For other types of connections, you can include these devices in the Security Manager inventory as “unmanaged” devices. These devices can serve as endpoints in a VPN topology, but Security Manager does not discover any configurations from them, nor does it deploy configurations to them.

When the Extranet VPN option will not work, you must do the following before you can add an unmanaged device to a VPN topology:

• Manually add the device as an unmanaged device to the device inventory using the procedure described in Adding Devices by Manual Definition, page 3-25. Ensure that you make the following selections:
  - Select a Cisco device type that is comparable to the device you are adding in terms of VPN-supported technologies. The device type controls the types of VPN topologies to which you can add the device. For example, for GRE/DMVPN, you might select an integrated services router such as an 1800 or 2800 series, whereas in Easy VPN you could also select an ASA or PIX device if appropriate.
  - Deselect the Manage in Cisco Security Manager option. This is very important, because the default is to make all new devices managed devices. If you forget to do this while adding the device, you can deselect the option later on the General tab in the device properties (right-click the device and select Device Properties).
• Using the interface policy for the device, define the external VPN interface to which managed devices will point. Because the device is unmanaged, your definitions in this policy are never configured on the device; the policy simply represents what you have configured on the device outside of Security Manager.

Related Topics

• Understanding Devices Supported by Each IPsec Technology, page 24-9
• Selecting Devices for Your VPN Topology, page 24-32
• Creating or Editing VPN Topologies, page 24-28