System-Level VPN with VPN Manager Overview
For AutoKey IKE and L2TP VPNs, create the VPN at the system level using VPN Manager. Table 1 describes the different VPNs that the VPN Manager supports.
Table 1: VPNs Supported
AutoKey IKE VPNs
Used in policy-based or route-based modes. You can also create a Mixed-Mode VPN to connect policy-based VPN members to route-based VPNs members in a single VPN.
L2TP-over-AutoKey IKE RAS VPNs and L2TP RAS VPNs
Connect and authenticate multiple L2TP remote access server (RAS) users and protected resources with or without encryption.
Re-usable VPN Components
Create objects to represent your protected resources, CA certificates and CRLs, custom IKE proposals, and NAT configurations, and then use these objects in multiple VPNs.
Compact and Expanded Views
Choose the Compact (default) or Expanded view to create your VPN. Both views offer the same configuration options.
Create tunnel interfaces on each route-based VPN member automatically. Use the device tunnel summary to review all autogenerated tunnels in the VPN.
Autogenerated VPN Rules
Create all VPN rules with a single click. NSM automatically generates the rules between each policy-based VPN member. You can review these rules, configure additional rule options (such as traffic shaping, attack protection, logging, limiting the number of sessions from each source IP towards servers to a given threshold count, and so on), and then insert the rules into a security policy.
Autogenerated VPN Routes
Automatically add virtual router information using the VPN Manager for each device based on the routing type. Specify a routing type of topology to autogenerate a route for all VPN members based on the configured routing type (static or dynamic). This information changes the tunnel interface data and virtual router data for each device.
To view all VPNs created with VPN Manager, select VPN Manager in the navigation tree. A list of saved VPNs appears in the main display area in table format. You can add and delete VPNs from this view.
VPN Manager does not support Manual Key VPNs; to create a Manual Key VPN in NSM, you must create the VPN at the device level in Device Manager.