Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
24-31
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Creating or Editing VPN Topologies
The following table describes the options you can configure when defining the name and technology.
Related Topics
Understanding IPsec Technologies and Policies, page 24-5
Table 24-5 Name and Technology Page
Element Description
Name A unique name that identifies the VPN topology.
Description Information about the VPN topology.
IPsec Technology The IPsec technology used in the VPN topology:
Regular IPsec
IPsec/GRE
DMVPN (Hub and Spoke VPN only)
Easy VPN (Hub and Spoke VPN only)
GET VPN (Full Mesh VPN only)
Type The technology type if the selected IPsec technology is IPsec/GRE or
DMVPN for a hub-and-spoke topology:
IPsec/GRE—Select either Standard (for IPsec/GRE) or Spokes
with Dynamic IP (for GRE Dynamic IP). For more information,
see Understanding GRE Configuration for Dynamically Addressed
Spokes, page 26-5.
DMVPN—Select either Standard (for regular DMVPN) or Large
Scale with IPsec Terminator (for a large scale DMVPN). For
more information, see Configuring Large Scale DMVPNs,
page 26-16.
IKE version When configuring regular IPsec topologies, the Internet Key Exchange
(IKE) version to allow in IKE negotiations. You can allow version 1
(IKEv1), version 2 (IKEv2), or both IKEv1 & IKEv2.
If you select IKEv1 & IKEv2, IKEv1 is automatically used by any
device that does not support IKEv2. However, if you select IKEv2 only,
you must ensure that you do not select any devices that do not support
IKEv2 (the wizard does not prevent an invalid selection). You can edit
the IKE Proposal and IPsec Proposal policies to change which IKE
versions are supported after creating the VPN if you select the wrong
option.
For information on IKE and how these versions differ, see Overview of
IKE and IPsec Configurations, page 25-2. For information on devices
that support IKEv2, see Understanding Devices Supported by Each
IPsec Technology, page 24-9.
Tip When using the Create VPN wizard, if you select an option that
allows IKEv2, the wizard never creates a valid topology. After
completing the wizard, you must manually configure the IKEv2
Authentication policy to complete the configuration.
 previous next