User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Site-To-Site VPN Discovery
Note: You can also discover configurations on devices in remote access VPNs that are already deployed in your
network. See Discovering Remote Access VPN Policies, page 29-12.
These topics provide information about Site-to-Site VPN discovery:
• Supported and Unsupported Technologies and Topologies for VPN Discovery, page 24-20
• Prerequisites for VPN Discovery, page 24-21
• VPN Discovery Rules, page 24-21
• Discovering Site-to-Site VPNs, page 24-24
• Defining or Repairing Discovered VPNs with Multiple Spoke Definitions, page 24-25
• Rediscovering Site-to-Site VPNs, page 24-26
Supported and Unsupported Technologies and Topologies for VPN Discovery
This topic lists the technologies and topologies that Security Manager can discover, as well as the VPN
features that are provisioned by Security Manager but cannot be discovered.
Supported Technologies for VPN Discovery
• IPsec, including LAN-to-LAN configurations on ASA devices.
• IPsec + GRE
• IPsec + GRE dynamic IP
• DMVPN
• Easy VPN
• GET VPN
Supported Topologies for VPN Discovery
• Point to point
• Hub and spoke
• Full mesh
• Extranet VPN (point-to-point to an unmanaged device)
VPN Features Provisioned by Security Manager but Unsupported for VPN Discovery
• Large Scale DMVPN with IPsec Terminator (high-concentration hub)
• VRF-Aware IPsec
• Dial backup
• IPsec and ISAKMP profiles for Easy VPN
• Easy VPN with High Availability
If you define and deploy policies of these types using Security Manager, your policies overwrite the
device configurations that were not discovered. Therefore, if you want Security Manager to manage
existing configurations, you should define policies that match the existing configurations as closely as
possible. (Use Tools > Preview Configuration to examine the results before deploying.) The VPN