Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

26-8

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 26 GRE and DM VPNs

GRE and Dynamic GRE VPNs

Failover Cost

(OSPF or RIPv2 only.)

The cost of sending a packet on the secondary (failover) route interface.

You can enter a value in the range 1-65535 for OSPF (the default is

125), or in the range 1-15 for RIPv2 (the default is 2).

Filter Dynamic Updates on

Spokes

When selected, enables the creation of a redistribution list that filters

all dynamic routing updates on the spokes. This forces the spoke

devices to advertise (populate on the hub device) only their own

protected subnets and not other IP addresses.

Tunnel Parameters Tab

Tunnel IP Select the required option to specify the GRE or GRE Dynamic IP

tunnel interface IP address.

• Use Physical Interface—When selected, uses the private IP

address of the tunnel taken from the protected network.

• Use Subnet—When selected, uses the tunnel IP address taken from

an IP range. This is the default.

In the Subnet field, enter the private IP address including the

unique subnet mask (default is 1.1.1.0/24).

If you are also configuring a dial backup interface, enter its subnet

in the Dial Backup Subnet field provided (default is 1.1.2.0/24).

Note In most cases, when you use a subnet to specify a GRE tunnel

interface IP address, Security Manager creates a loopback

interface on the device which is used for the tunnel IP address.

If the device belongs to a VPN topology whose configurations

were discovered by Security Manager, and you configure an IP

address directly on the device’s GRE tunnel, Security Manager

keeps that configuration and does not create a loopback

interface on the device. However, a loopback is always

configured on a hub in a VPN topology; in a hub-and-spoke

VPN topology with multiple hubs, a loopback interface is also

configured on the spokes.

• Use Loopback Interface—When selected, uses the tunnel IP

address taken from an existing loopback interface. In the Role

field, enter the name of the interface role object that defines the

loopback interface name, or click Select to select it from a list or

to create a new object.

Note To view the new GRE tunnel or loopback interfaces in the

Router Interfaces page, you must rediscover the device

inventory details after successfully deploying the VPN to the

device.

Table 26-1 GRE Modes Page for GRE or GRE Dynamic IP VPNs (Continued)

Element Description

previous next