Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 11 Using Gateway VPNs
Managing VPN Deployments
Note that you must apply the deployment for it to take effect; see
Configuring Star VPN Deployments
License: VPN
Supported Devices: Series 3
When configuring a star VPN deployment, you define a single hub node endpoint and a group of leaf
node endpoints. You must define the hub node endpoint and at least one leaf node endpoint to configure
the deployment. For more information, see
.
The following list describes the options you can specify in your deployment.
Name
Give the deployment a unique name.
Type
Click Star to specify that you are configuring a star deployment.
Pre-shared Key
Define a unique pre-shared key for authentication.
Device
You can select a managed device, including a device stack or cluster, as an endpoint for your
deployment. For Cisco managed devices not managed by the Defense Center you are using, select
Other and then specify an IP address for the endpoint.
Virtual Router
If you selected a managed device as your endpoint, select a virtual router that is currently applied
to the selected device. You cannot select the same virtual router for more than one endpoint.
Interface
If you selected a managed device as your endpoint, select a routed interface that is assigned to the
selected virtual router.
IP Address
– If you selected a managed device as an endpoint, select an IP address that is assigned to the
selected routed interface.
– If the managed device is a device cluster, you can only select from a list of SFRP IP addresses.
– If you selected a managed device not managed by the Defense Center, specify an IP address for
the endpoint.
Protected Networks
Specify the networks in your deployment that are encrypted. Enter a subnet with CIDR block for
each network.
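The constraints in the option list above (a hub plus at least one leaf, no virtual router shared between endpoints, protected networks entered as CIDR subnets) can be checked on a planning sheet before the values are entered. The following Python is an added example, not part of the Cisco guide or any FireSIGHT API; the dictionary layout, the function name check_star_deployment, and all device names, keys and addresses are constructed assumptions.

```python
import ipaddress

def check_star_deployment(dep, keys_in_use=()):
    """Return a list of problems in a planned star deployment (hypothetical dict layout)."""
    problems = []
    if not dep.get("psk"):
        problems.append("no pre-shared key")
    elif dep["psk"] in keys_in_use:  # assumption: "unique" means not shared with another deployment
        problems.append("pre-shared key reused from another deployment")
    hub, leaves = dep.get("hub"), dep.get("leaves", [])
    if not hub:
        problems.append("no hub node endpoint")
    if not leaves:
        problems.append("no leaf node endpoint")
    endpoints = ([("hub", hub)] if hub else []) + [
        (f"leaf {i}", leaf) for i, leaf in enumerate(leaves, 1)]
    routers_seen = set()  # assumption: a virtual router is identified by (device, router name)
    for label, ep in endpoints:
        if ep.get("device") != "Other":
            if not ep.get("virtual_router") or not ep.get("interface"):
                problems.append(f"{label}: virtual router and interface required")
            router = (ep.get("device"), ep.get("virtual_router"))
            if router in routers_seen:
                problems.append(f"{label}: virtual router already used by another endpoint")
            routers_seen.add(router)
        try:
            ipaddress.ip_address(ep.get("ip", ""))
        except ValueError:
            problems.append(f"{label}: missing or invalid IP address")
        for net in ep.get("protected_networks", []):
            try:
                if "/" not in net:
                    raise ValueError("no CIDR block")
                ipaddress.ip_network(net, strict=True)  # rejects host bits, e.g. 10.2.0.5/24
            except ValueError:
                problems.append(f"{label}: protected network {net!r} is not a valid CIDR subnet")
    return problems

# Constructed sample plan: the second leaf reuses the hub's virtual router and has a bad subnet.
PLAN = {
    "name": "branch-star", "psk": "constructed-sample-key",
    "hub": {"device": "fp-hub-01", "virtual_router": "vr-core", "interface": "s1p1",
            "ip": "192.0.2.1", "protected_networks": ["10.0.0.0/16"]},
    "leaves": [
        {"device": "Other", "ip": "198.51.100.7", "protected_networks": ["10.1.0.0/24"]},
        {"device": "fp-hub-01", "virtual_router": "vr-core", "interface": "s1p2",
         "ip": "192.0.2.2", "protected_networks": ["10.2.0.5/24"]},
    ],
}
```

Calling check_star_deployment(PLAN) returns one message per violated constraint; an empty list means the plan satisfies the checks shown here.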