Filter
Top Products
CHAPTER
26-1
User Guide for Cisco Security Manager 4.4
OL-28826-01
26
GRE and DM VPNs
You can configure Generic Routing Encapsulation (GRE) and Dynamic Multipoint (DM) VPNs that
include GRE mode configurations. You can configure IPsec GRE VPNs for hub-and-spoke,
point-to-point, and full mesh VPN topologies. DMVPN is available for hub-and-spoke topologies only.
This chapter contains the following topics:
• Understanding the GRE Modes Page, page 26-1
• GRE and Dynamic GRE VPNs, page 26-2
• Dynamic Multipoint VPNs (DMVPN), page 26-9
Understanding the GRE Modes Page
Use the GRE Modes page to define the routing and tunnel parameters for IPsec tunneling with GRE,
GRE Dynamic IP, and DMVPN policies.
The content of the policy differs depending on how you access it:
• (Site-to-Site VPN Manager Window, page 24-18) When you select a GRE VPN or DMVPN, the
GRE Modes policy contains the properties related to the technology and technology type used in the
VPN.
• (Policy view) When you select Site-to-Site VPN > GRE Modes, and create a new policy or select
an existing policy, there is an additional field in the policy called GRE Method. From the GRE
Method list, you must select the VPN technology and technology type for which you are defining
the policy: IPsec/GRE, GRE Dynamic IP, DMVPN, or Large Scale DMVPN. This option controls
which fields are displayed in the policy. You cannot change the GRE Method after you save the
policy.
When you assign a shared GRE Modes policy to a VPN, the GRE Method and the VPN’s technology
and type must match or the policy cannot be selected. For example, you cannot assign a shared
DMVPN GRE Modes policy to an IPsec/GRE VPN.
The following topics describe the GRE Modes policy in detail based on the selected GRE Methods:
• IPsec/GRE or GRE Dynamic IP—See Configuring GRE Modes for GRE or GRE Dynamic IP VPNs,
page 26-6.
• DMVPN or Large Scale DMVPN—See Configuring GRE Modes for DMVPN, page 26-12.