Filter
Top Products
24-48
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Creating or Editing VPN Topologies
Route Distinguisher The unique identifier of the VRF routing table on the IPsec Aggregator.
This unique route distinguisher maintains the routing separation for
each VPN across the MPLS core to the other PE routers.
The identifier can be in either of the following formats:
• IP address:X (where X is in the range 0- 2147483647).
• N:X (where N is in the range 0-65535, and X is in the range 0-
2147483647).
Note You cannot override the RD identifier after deploying the VRF
configuration to your device. To modify the RD identifier after
deployment, you must manually remove it using the device
CLI, and then deploy again.
Interface Towards Provider
Edge
(2-Box solution only.)
The VRF forwarding interface on the IPsec Aggregator towards the PE
device. If the IPsec Aggregator (hub) is a Catalyst VPN service module,
you must specify a VLAN.
Enter the name of the interface or interface role object, or click Select
to select it from a list or to create a new interface role object.
Routing Protocol
(2-Box solution only.)
The routing protocol to be used between the IPsec Aggregator and the
PE. The options are BGP, EIGRP, OSPF, RIPv2, or Static route. The
default is BGP.
If the routing protocol used for the secured IGP differs from the routing
protocol between the IPsec Aggregator and the PE, select the routing
protocol to use for redistributing the routing to the secured IGP.
For information about protocols, see Chapter 58, “Managing Routers”.
Note In a one-box solution, these fields are unavailable as you do not
need to specify the routing protocol and AS number. In the
one-box solution, only the BGP protocol is supported.
AS Number
(2-Box solution, BGP or
EIGRP routing only.)
The number that will be used to identify the autonomous system (AS)
area between the IPsec Aggregator and the PE. The AS number must be
within the range 1-65535.
If the routing protocol used for the secured IGP differs from the routing
protocol between the IPsec Aggregator and the PE, enter an AS number
that will be used to identify the secured IGP into which the routing will
be redistributed from the IPsec Aggregator and the PE. This is relevant
only when IPsec/GRE or DMVPN are applied.
Process Number
(2-Box solution, OSPF
routing only.)
The routing process ID number that will be used to identify the secured
IGP if you are using OSPF routing.
The range is 1-65535.
OSPF Area ID
(2-Box solution, OSPF
routing only.)
The ID number of the area in which the packet belongs. You can enter
any number from 0-4294967295.
Note All OSPF packets are associated with a single area, so all
devices must have the same area ID number.
Table 24-10 Edit Endpoints Dialog Box, VRF Aware IPsec Tab (Continued)
Element Description