User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Site-To-Site VPN Discovery
Related Topics
• Supported and Unsupported Technologies and Topologies for VPN Discovery, page 24-20
• Prerequisites for VPN Discovery, page 24-21
• Discovering Site-to-Site VPNs, page 24-24
• Rediscovering Site-to-Site VPNs, page 24-26
Discovering Site-to-Site VPNs
This procedure describes how to discover a Site-to-Site VPN that is already working in your network but
that has not yet been defined in Security Manager.
Related Topics
• Discovering Site-to-Site VPNs, page 24-24
• Discovering Policies, page 5-12
• Supported and Unsupported Technologies and Topologies for VPN Discovery, page 24-20
• Prerequisites for VPN Discovery, page 24-21
• VPN Discovery Rules, page 24-21
• Understanding Devices Supported by Each IPsec Technology, page 24-9
• Including Unmanaged or Non-Cisco Devices in a VPN, page 24-11
Step 1 In Device view, select Policy > Discover VPN Policies to open the Discover VPN Policies
Wizard—Name and Technology page.
Step 2 Specify the following information:
• VPN Name—The name of the VPN being discovered.
You cannot specify the name when discovering Extranet VPNs. Instead, Security Manager discovers
all Extranets defined on the device, and for each Extranet, the VPN name is a hyphenation of the
local and remote IP addresses. For example, if the local address is 10.100.10.1 and the remote
address is 10.100.11.1, the Extranet VPN is named 10.100.10.1-10.100.11.1.
• Description—An optional description of the VPN. You cannot add a description to Extranet VPN
discovery.
• Topology—The type of VPN that you are discovering—Hub and Spoke, Point to Point, Full Mesh,
or Extranet.
Table 24-3 VPN Discovery Rules (Continued)
If this condition exists: A User Group policy is configured with backup servers using hostnames instead of IP addresses.
The VPN discovery is handled as follows: VPN policy discovery fails with the following error:
Policy Discovery Failed: com.cisco.nm.vms.discovery.DiscoveryException: Internal Error
In order for discovery to be successful, you need to reconfigure the user group policy on the device with backup servers using IP addresses, not hostnames.
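A pre-discovery check for the condition in the table row above, as an added example that is not part of the Cisco guide. It assumes the user group policy is an IOS Easy VPN server group (`crypto isakmp client configuration group` with `backup-gateway` lines); the sample configuration is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of an IOS running-config (not taken from the guide).
SAMPLE_CONFIG = """\
crypto isakmp client configuration group SALES
 pool SALES-POOL
 backup-gateway 192.0.2.10
 backup-gateway vpn2.example.com
!
crypto isakmp client configuration group ENG
 backup-gateway 198.51.100.7
 backup-gateway backup-hub
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

# Assumed IOS Easy VPN server syntax: group header, then indented sub-commands.
GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)")
BACKUP_RE = re.compile(r"^\s+backup-gateway\s+(\S+)")


def is_ip(value):
    """True when value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def hostname_backup_servers(config_text):
    """Return (group, line_number, server) for each backup server given by hostname."""
    findings = []
    group = None
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        header = GROUP_RE.match(line)
        if header:
            group = header.group(1)
            continue
        if not line.startswith(" "):
            group = None  # an unindented line ends the group's sub-mode
            continue
        backup = BACKUP_RE.match(line)
        if group and backup and not is_ip(backup.group(1)):
            findings.append((group, lineno, backup.group(1)))
    return findings


if __name__ == "__main__":
    for group, lineno, server in hostname_backup_servers(SAMPLE_CONFIG):
        print(f"line {lineno}: group {group}: backup server '{server}' is a hostname")
```

Any entry it reports is one to change to an IP address on the device before running the Discover VPN Policies wizard.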