Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

26-6

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 26 GRE and DM VPNs

GRE and Dynamic GRE VPNs

Related Topics

• Understanding IKE, page 25-5

• Understanding GRE, page 26-2

• Prerequisites for Successful Configuration of GRE, page 26-3

• Advantages of IPsec Tunneling with GRE, page 26-3

Configuring GRE Modes for GRE or GRE Dynamic IP VPNs

Use the GRE Modes policy to define the routing and tunnel parameters for IPsec tunneling in a GRE or

GRE Dynamic IP VPN.

To open the GRE Modes policy:

• (Site-to-Site VPN Manager Window, page 24-18) Select an IPsec/GRE or GRE Dynamic IP

topology, then select GRE Modes from the policies list.

• (Policy view) Select Site-to-Site VPN > GRE Modes, and create a new policy or select an existing

policy. Then, select either IPsec/GRE or Dynamic GRE from the GRE Method list.

The following table describes the elements on the GRE Modes page for configuring IPsec tunneling with

GRE or GRE Dynamic IP.

Note When configuring a GRE routing policy, Security Manager adds a routing protocol to all the devices in

the secured IGP, on deployment. If you want to maintain this secured IGP, you must create a router

platform policy (on each member device) using the same routing protocol and autonomous system (or

process ID) number as defined in the GRE Modes policy.

Table 26-1 GRE Modes Page for GRE or GRE Dynamic IP VPNs

Element Description

Routing Parameters Tab

Routing Protocol Select the required dynamic routing protocol (EIGRP, OSPF, or

RIPv2,) or static route to be used for GRE or GRE Dynamic IP.

The default routing protocol is EIGRP.

For more information about configuring these protocols, see

Prerequisites for Successful Configuration of GRE, page 26-3.

AS Number

(EIGRP only.)

The number that is used to identify the autonomous system (AS) area

to which the EIGRP packet belongs. The range is 1-65535. The default

is 110.

An autonomous system (AS) is a collection of networks that share a

common routing strategy. An AS can be divided into a number of areas,

which are groups of contiguous networks and attached hosts. Routers

with multiple interfaces can participate in multiple areas. An AS ID

identifies the area to which the packet belongs. All EIGRP packets are

associated with a single area, so all devices must have the same AS

number.

Hello Interval

(EIGRP only.)

The interval between hello packets sent on the interface, between 1 and

65535 seconds. The default is 5 seconds.

previous next