Cisco Sdm Warning: Nat Rules With Acl - Cisco ROUTER-SDM-CD User Manual


Cisco Router and Security Device Manager 2.5 User's Guide (OL-4015-12)
Chapter 11: Site-to-Site VPN, page 11-30

Edit Site-to-Site VPN

To create a text file of the IPSec policy:

Click Save, and specify a name and location for the text file. You can give this text file to the administrator of the peer device so that he or she can create a policy that mirrors the one you created on the router. Click After Configuring a VPN, How Do I Configure the VPN on the Peer Router? to learn how to use the text file to create a mirror policy.

Caution
The text file that you generate must not be copied into the configuration file of the remote system, but must be used only to show what has been configured on the local router so that the remote device can be configured in a way that is compatible. Identical names for IPSec policies, IKE policies, and transform sets may be used on the remote router, but the policies and transform sets may be different. If the text file is simply copied into the remote configuration file, configuration errors are likely to result.

Cisco SDM Warning: NAT Rules with ACL

This window appears when you are configuring a VPN using interfaces with associated NAT rules that use Access rules. This type of NAT rule can change IP addresses in packets before the packets leave or enter the LAN, and a NAT rule will prevent VPN connections from functioning properly if it changes source IP addresses so that they don't match the IPSec rule configured for the VPN. To prevent this from happening, Cisco SDM can convert these to NAT rules that use route maps. Route maps specify subnets that should not be translated.

The window shows the NAT rules that have to be changed to ensure the VPN connection functions properly.

Original Address
The IP address that NAT will translate.

Translated Address
The IP address that NAT will substitute for the original address.
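The conflict between an ACL-based NAT rule and the IPSec rule, and the kind of route-map NAT rule that avoids it, can be checked offline. The following is an added example, not taken from the Cisco guide and not Cisco SDM's own output: the addresses, ACL number 101, route-map name RMAP_1 and interface are constructed, and the original rule is assumed to be a dynamic overload rule on one interface.

```python
# Added example: all addresses, ACL 101, RMAP_1 and the interface are constructed.
# Constructed "before" rule that translates every packet from the LAN:
#   access-list 1 permit 192.168.1.0 0.0.0.255
#   ip nat inside source list 1 interface FastEthernet0/0 overload
import ipaddress


def vpn_flows_hit_by_nat(nat_sources, ipsec_rule):
    """Return the (source, destination) networks in the IPSec rule whose
    source addresses the ACL-based NAT rule would rewrite."""
    nat_nets = [ipaddress.ip_network(n) for n in nat_sources]
    hits = []
    for src, dst in ipsec_rule:
        src_n, dst_n = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if any(src_n.overlaps(n) for n in nat_nets):
            hits.append((src_n, dst_n))
    return hits


def route_map_nat(nat_sources, ipsec_rule, acl=101, rmap="RMAP_1",
                  intf="FastEthernet0/0"):
    """Build IOS lines for a route-map NAT rule: deny the VPN flows first
    so they are not translated, then permit the remaining LAN traffic."""
    def spec(net):  # IOS ACLs take an address plus a wildcard (inverse) mask
        return f"{net.network_address} {net.hostmask}"

    lines = [f"access-list {acl} deny ip {spec(s)} {spec(d)}"
             for s, d in vpn_flows_hit_by_nat(nat_sources, ipsec_rule)]
    lines += [f"access-list {acl} permit ip {spec(ipaddress.ip_network(n))} any"
              for n in nat_sources]
    lines += [f"route-map {rmap} permit 1",
              f" match ip address {acl}",
              f"ip nat inside source route-map {rmap} interface {intf} overload"]
    return lines


if __name__ == "__main__":
    nat = ["192.168.1.0/24"]                        # sources the NAT ACL permits
    ipsec = [("192.168.1.0/24", "10.10.10.0/24")]   # traffic the IPSec rule protects
    print("\n".join(route_map_nat(nat, ipsec)))
```

The deny entries come first because IOS evaluates ACL entries in order, so VPN-bound packets fall out of the route map before the general permit and keep the source addresses the IPSec rule expects.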
