Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Creating or Editing Extranet VPNs
You can configure Extranet VPN connections for regular IPsec point-to-point connections only. For
example, you cannot use this method to identify a GET VPN key server that exists in your service
provider’s network. To configure all other types of Extranet connections, you must add dummy
unmanaged devices to the Security Manager inventory as described in Including Unmanaged or
Non-Cisco Devices in a VPN, page 24-11.
Related Topics
• Understanding VPN Topologies, page 24-2
• Configuring VPN Topologies in Device View, page 24-19
• Understanding IPsec Technologies and Policies, page 24-5
• Using Wizards, page 1-44
Step 1 Do one of the following:
• To create a new Extranet VPN, in the Site-to-Site VPN Manager Window or the Site-to-Site VPN
  policy page (Device View), click the Create VPN Topology (+) button and select Extranet VPN.
  The Create Extranet VPN wizard starts with the Name and Technology page.
• To edit an existing Extranet VPN, select the VPN topology in the Site-to-Site VPN Manager window
  or the Site-to-Site VPN policy page (Device View) and click the Edit VPN Topology (pencil)
  button. The Edit Extranet VPN dialog box opens to the Device Selection tab.
Step 2 On the Name and Technology page or tab, configure the following; only the name is required:
• Name—A unique name that identifies the VPN topology.
• Description—A description of the VPN, up to 1024 characters.
• Creation Date—The date on which the VPN was created. When creating the VPN, today’s date is
  the default. However, you can click the calendar icon beside the edit box and select the desired date.
• Ticket Number—If you use a trouble ticket system, and the action you are taking relates to a
  tracked requirement, enter the number in this field. Security Manager does not use this number; it
  is for your internal tracking purposes only.
• Last Modified By—The name, user ID, email address, or other indicator of the person who last
  changed the settings for the VPN. Security Manager does not use this field; it is for your internal
  tracking purposes only.
In the wizard, click Next; in the Edit Extranet VPN dialog box, click the Device Selection tab.
Step 3 On the Device Selection page or tab, configure the devices, interfaces, and protected networks for each
end of the connection:
• Local—This is the device in your managed network. The device must be in the Security Manager
  inventory. Configure all of these properties:
  – Device—Enter the display name of the device or click Select to select it from the list of devices
    in the inventory. You can select ASA 5500 series devices, PIX firewalls, or Cisco IOS routers
    (including ASRs).
  – VPN Tunnel Interface—The name of the interface or interface role that identifies the external
    interface for the VPN connection. Click Select to select an existing interface or interface role,
    or to create a new interface role.
    When you select an interface or role, the IP address for the matching interface appears next to
    the IP Address display field. If no address appears, Security Manager could not determine the
    IP address. Check your configuration or object selection.