Table of Contents
Advertisement
Create Site to Site VPN
Note
Digital Certificate
Note
Backup GRE Tunnel Information
Cisco Router and Security Device Manager 2.5 User's Guide
11-18
The characters that you enter for the pre-shared key are not displayed in the
•
field as you enter them. You may find it helpful to write down the key before
you enter it so that you can communicate it to the administrator of the remote
system.
Pre-shared keys must be exchanged between each pair of IPSec peers that
•
need to establish secure tunnels. This authentication method is appropriate
for a stable network with a limited number of IPSec peers. It may cause
scalability problems in a network with a large or increasing number of IPSec
peers.
Click this button if the VPN peers will use digital certificates for authentication.
The router must have a digital certificate issued by a Certificate Authority to
authenticate itself. If you have not configured a digital certificate for the router,
go to VPN components, and use the Digital Certificate wizard to enroll for a
digital certificate.
If you are authenticating using digital certificates, the VPN tunnel might not be
created if the CA server contacted during IKE negotiation is not configured to
respond to Certificate Revocation List (CRL) requests. To correct this problem,
go to the Digital Certificates page, select the configured trustpoint, and select
None for Revocation.
You can configure a backup GRE-over-IPSec tunnel that the router can use when
the primary tunnel fails. This tunnel will use the same interface that you
configured for the primary tunnel, but it must be configured with the backup VPN
router as the peer. If routing is configured for the primary GRE-over-IPSec tunnel,
the keepalive packets that the routing protocol sends are used to verify that the
tunnel is still active. If the router stops receiving keepalive packets on the primary
tunnel, then traffic is sent through the backup tunnel.
Chapter 11
Site-to-Site VPN
OL-4015-12
Advertisement
Table of Contents
Troubleshooting
