Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
24-22
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Site-To-Site VPN Discovery
Tip Because Extranet VPN discovery involves the analysis of a single device (the managed device), most of
these rules do not apply to Extranet VPN discovery. Any rule that involves consistency of values among
devices in the VPN is not applicable.
Table 24-3 VPN Discovery Rules
If this condition exists: The VPN discovery is handled as follows:
Security Manager cannot contact a
device in the VPN for live device
discovery.
If the device is the only hub or spoke in the VPN,
discovery fails.
If there are other hubs or spokes in the VPN, discovery
proceeds but the unavailable device is not discovered.
Except for Extranet VPNs, if the device is a peer in a
point-to-point topology, discovery fails. For Extranet
VPNs, only the managed device is contacted, and
discovery fails if it cannot be contacted.
If the device is a peer in a full mesh topology and there
are only two devices, including the unavailable one, in
the topology, discovery fails. If there are more than two
devices, discovery proceeds but the unavailable device is
not discovered.
The VPN is a LAN-to-LAN VPN on an
ASA.
The ASA documentation uses “LAN-to-LAN” as a synonym
for “site-to-site.” In a LAN-to-LAN VPN configuration, the
ASA uses tunnel groups, which when used in a remote access
VPN configuration, Security Manager discovers as
connection profiles.
When discovering site-to-site VPNs on an ASA that uses
LAN-to-LAN (L2L) tunnel groups, Security Manager
creates a site-to-site VPN topology, and the L2L tunnel
groups are not presented to you as connection profiles.
Instead, you edit the properties of the VPN topology, and
during deployment, Security Manager will translate the
configuration into the appropriate L2L tunnel group
commands.