Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
CHAPTER
27-1
User Guide for Cisco Security Manager 4.4
OL-28826-01
27
Easy VPN
Easy VPN is a hub-and-spoke VPN topology that can be used with a variety of routers, PIX, and ASA
devices. Policies are defined mostly on the hub and pushed to remote spoke VPN devices, ensuring that
clients have up-to-date policies in place before establishing a secure connection.
This chapter contains the following topics:
Understanding Easy VPN, page 27-1
Configuring Client Connection Characteristics for Easy VPN, page 27-7
Configuring an IPsec Proposal for Easy VPN, page 27-10
Configuring a Connection Profile Policy for Easy VPN, page 27-13
Configuring a User Group Policy for Easy VPN, page 27-14
Understanding Easy VPN
Easy VPN simplifies VPN deployment for remote offices. With Easy VPN, security policies defined at
the head end are pushed to remote VPN devices, ensuring that clients have up-to-date policies in place
before establishing a secure connection.
Security Manager supports the configuration of Easy VPN policies on hub-and-spoke VPN topologies.
In such a configuration, most VPN parameters are defined on the Easy VPN server, which acts as the
hub device. The centrally managed IPsec policies are pushed to the Easy VPN client devices by the
server, minimizing the remote (spoke) devices configuration.
The Easy VPN Server can be a Cisco IOS router, a PIX Firewall, or an ASA 5500 series device. The Easy
VPN client is supported on PIX 501, 506, 506E Firewalls running PIX 6.3, Cisco 800-3900 Series
routers, and ASA 5505 devices running ASA Software release 7.2 or later.
Note Some of the policies used in Easy VPN topologies are similar to those used in remote access VPNs. In
remote access VPNs, policies are configured between servers and mobile remote PCs running VPN
client software, whereas, in site-to-site Easy VPN topologies, the clients are hardware devices.
This section contains the following topics:
Easy VPN with Dial Backup, page 27-2
Easy VPN with High Availability, page 27-2
Easy VPN with Dynamic Virtual Tunnel Interfaces, page 27-2