User Guide for Cisco Security Manager 4.4
OL-28826-01

Chapter 24: Managing Site-to-Site VPNs: The Basics

A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to
one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels to
encapsulate data packets within normal IP packets for forwarding over IP-based networks, using
encryption to ensure privacy and authentication to ensure integrity of data.

In Cisco Security Manager, site-to-site VPNs are implemented based on IPsec policies that are assigned
to VPN topologies. An IPsec policy is a set of parameters that define the characteristics of the site-to-site
VPN, such as the security protocols and algorithms that will be used to secure traffic in an IPsec tunnel.
Security Manager translates IPsec policies into CLI commands that can be deployed to the devices in the
VPN topology. Several policy types might be required to define a full configuration image that can be
assigned to a VPN topology, depending on the IPsec technology type.

The Site-to-Site VPN Manager defines and configures site-to-site VPN topologies and policies on Cisco
IOS security routers, PIX Firewalls, Catalyst VPN Service Modules, and Adaptive Security Appliance
(ASA) firewall devices.

Tip: In ASA documentation, site-to-site VPNs are called LAN-to-LAN VPNs. These phrases are equivalent,
and we use “site-to-site VPN” in this documentation.

You can access the Site-to-Site VPN Manager by selecting Manage > Site-To-Site VPNs or clicking the
Site-To-Site VPN Manager button on the toolbar.

You can also configure shared policies in Policy view, and you can view and configure topologies in
Device view. In Policy view, you can assign IPsec policies to VPN topologies.

This chapter contains the following topics:
• Understanding VPN Topologies
• Understanding IPsec Technologies and Policies
• Accessing Site-to-Site VPN Topologies and Policies
• Site-To-Site VPN Discovery
• Creating or Editing VPN Topologies
• Creating or Editing Extranet VPNs
• Deleting a VPN Topology