The ACL in the group configuration is the split tunnel group not defining interesting traffic.
Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: <mailto:[email protected]> [email protected] Join our free online support and peer group communities: <http://www.IPexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: [email protected] [mailto:[email protected]] On Behalf Of Dnyaneshwar Gore Sent: Sunday, October 04, 2009 3:20 AM To: [email protected] Subject: [OSL | CCIE_Security] Cisco EzVPN Remote & Server config queries Hi All, I am configuring EzVPN remote setup with trigger method as access list. Hence I need to configure access-list for interesting traffic on EzVPN remote side. But is it necessary to configure access list under "crypto isakmp client configuration group EZVPN" in EzVPN server side? I have tested above setup with client and network - extension in EzVPN remote side and no access list under ezvpn group at EzVPN server side. It works with not problem. But when I configured network - plus mode in EzVPN remote side and no access list under ezvpn group at EzVPN server side then VPN session terminates automatically after some time.After running debug on EzVPN server side, I found error saying " proxy identities not suppored". Then I tried to define interesting traffic (proxy ids) in ezvpn group at EzVPN server side but still same error and vpn session disconnects. Do we need to configure anything extra for Network-PLUS mode at server side? Kindly do the needful Regards, D.M.Gore
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
