
User Guide for Cisco Security Manager 4.4
Chapter 24 Managing Site-to-Site VPNs: The Basics
The options and methods for configuring shared policies from the Site-to-Site VPN Manager are the
same as those from Device view, as explained in the sections under Working with Shared Policies
in Device View or the Site-to-Site VPN Manager, page 5-34 and Using the Policy Banner, page 5-35.
You can share, assign, unassign, edit assignments, and rename policies, but no VPN policies allow
inheritance. To perform these tasks, select the VPN topology, then right-click the desired policy and
select the desired command.
You can also use Policy view to configure shared VPN policies.
Configuring VPN Topologies in Device View
Use the Site-to-Site VPN Device view policy to view and edit the site-to-site VPN topologies to which
a device belongs, if any. You can edit the VPN policies and change whether the device participates in the
topology. You can also create new VPN topologies.
This policy is essentially an access point for the Site-to-Site VPN Manager (see Site-to-Site VPN
Manager Window, page 24-18).
To open this policy, in Device view, select the desired device and then select Site-to-Site VPN from the
Policy selector.
The VPN topologies table lists all of the site-to-site VPNs to which this device belongs. Information
includes the type of VPN, its name, IPSec technology, and description.
To add a VPN, click the Create VPN Topology button, or right-click in the table and select Create
VPN Topology, then select the type of topology you want to create from the options that are
displayed. This action opens the Create VPN wizard or the Create Extranet VPN wizard. For more
information, see Creating or Editing VPN Topologies, page 24-28 or Creating or Editing Extranet
VPNs, page 24-63.
To edit a VPN, select it and click the Edit VPN Topology button, right-click the VPN and select
Edit VPN Topology, or simply double-click the entry. This opens the Edit VPN or Edit Extranet
VPN dialog box, which is a tabbed version of the Create VPN wizard (see Creating or Editing VPN
Topologies, page 24-28 or Creating or Editing Extranet VPNs, page 24-63).
To edit the policies for a VPN, select it and click the Edit VPN Policies button. The Site-to-Site
VPN Window opens, displaying information about the VPN topology; select the desired policy from
the Policies selector to edit it.
To delete a VPN, select it and click the Delete VPN Topology button, or right-click the VPN and
select Delete VPN Topology. You are asked to confirm the deletion. For more information, see
Deleting a VPN Topology, page 24-67.
Site-To-Site VPN Discovery
You can discover the VPN topologies that are already deployed in your network so that you can use
Security Manager to manage them. Your VPN configurations are brought into Security Manager and
displayed as site-to-site VPN policies.
Except for Extranet VPNs, you can also rediscover the configurations of existing VPN topologies that
are already managed with Security Manager. For information about Site-to-Site VPN rediscovery, see
Rediscovering Site-to-Site VPNs, page 24-26.