24-37
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 24 Managing Site-to-Site VPNs: The Basics
Creating or Editing VPN Topologies
Local Peer IPSec
Termination
Unavailable if the selected technology is Easy VPN.
Specifies the IP address of the VPN interface of the local router. You
can select one of the following options:
• Tunnel Source IP Address—Use the IP address of the tunnel
source.
• VPN Interface IP Address—Uses the configured IP address on
the selected VPN interface. Only one VPN interface can match the
interface role. This option is available only if you select Configure
Unique Tunnel Source for each Tunnel in the GRE Modes policy.
• IP Address—Explicitly specify the IP address of the VPN
interface of the local router. Use this option when the device is
behind a NAT boundary to specify the NAT IP Address.
Note If you select a tunnel source as the VPN interface, it is likely
that the VPN interface has a dynamically assigned IP address.
• IP Address of Another Existing Interface to be Used as Local
Address (unavailable if IPsec technology is DMVPN)—To use the
configured IP address on any interface as a local address, not
necessarily a VPN interface. Enter the interface in the field
provided.
You can choose the required interface by clicking Select. A dialog box
opens that lists all available predefined interface roles, and in which
you can create an interface role object.
Tunnel Source Available only for IPsec/GRE or DMVPN.
If you have enabled the setting to use a unique tunnel source per tunnel
interface in the GRE Modes > Tunnel Parameters tab, the Override
Unique Tunnel Source per Tunnel Interface check box is available.
Select this option to specify a different tunnel source for the selected
device.
Specifies the tunnel source address to be used by the GRE or DMVPN
tunnel on the spoke side. You can select one of the following options:
• VPN Interface—Uses the VPN interface as the tunnel source
address.
• Interface—To use any interface as the tunnel source address, not
necessarily a VPN interface. Enter the interface name or click
Select to select an interface role that identifies the interface (you
can also create a role from the selection dialog box).
Table 24-6 Edit Endpoints Dialog Box, VPN Interface Tab (Continued)
Element Description
