Filter
Top Products
24-62
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Creating or Editing VPN Topologies
High Availability Available if the VPN topology type is hub-and-spoke.
If a High Availability policy is configured on a device in your
hub-and-spoke VPN topology, displays the details of the policy. See
Configuring High Availability in Your VPN Topology, page 24-49.
VRF-Aware IPsec Available if the VPN topology type is hub-and-spoke.
If a VRF-Aware IPsec policy is configured on a hub in your
hub-and-spoke VPN topology, displays the type of VRF solution
(1-Box or 2-Box) and the name of the VRF policy. See Configuring
VRF Aware IPsec Settings, page 24-46.
Summary Information for Extranet VPNs
IKE Phase 1 Proposal section The parameters for the IKE Phase 1 proposal, which are defined in the
IKE Proposal policy object that is assigned to the Extranet. For
information about the settings, see the following topics:
• Configuring IKEv1 Proposal Policy Objects, page 25-10
• Configuring IKEv2 Proposal Policy Objects, page 25-13
IKE Phase 2 Proposal section The parameters of the IKE Phase 2 proposal. Most of these parameters
are configured in the IPsec transform set policy object assigned to the
Extranet. For explanations, see Configuring IPSec IKEv1 or IKEv2
Transform Set Policy Objects, page 25-25.
The Lifetime attribute parameter is defined in the VPN Global Settings
policy, see Configuring VPN Global Settings, page 25-29. The Perfect
Forward Secrecy parameter is defined in the IPsec Proposal policy, see
Configuring IPsec Proposals in Site-to-Site VPNs, page 25-21.
Authentication section The preshared key or the PKI enrollment policy object that defines the
certificate used to authenticate the connection.
When using preshared keys, you can click the Show/Hide Key button
to toggle between showing and masking the key. If you print the
summary or generate a PDF, the key is shown or hidden based on your
selection here.
Local The device at the local (managed) end of the Extranet VPN, including
the display name, VPN interface name and IP address, and the
protected networks.
Remote The device at the remote (unmanaged) end of the Extranet VPN,
including the device name, the IP address of the VPN interface, and the
protected networks.
Print button Click this button to print the summary. The preshared key is shown or
hidden based on what is currently displayed in the page.
To print the summary, you must have Adobe Acrobat Reader installed.
Security Manager generates a PDF of the summary and then prints it
using Acrobat’s printing capability.
Generate PDF button Click this button to create a PDF of the summary. The preshared key is
shown or hidden based on what is currently displayed in the page. You
are prompted for a file name and a location to save the PDF.
Table 24-14 VPN Summary Page (Continued)
Element Description