I have been messing around with EZ VPN and various configurations. With the EZ VPN client in NEM, it inserts the SA's into my router as expected. My question is is there a way on the router acting as a EZ VPN Server to restrict what SA's can be inserted by an EZ VPN client in network extension mode? Just thinking there must be a way to prevent NEM from the server, or restrict the SA's that can be automatically created on the server by the client. I think there is a group-policy for this on the ASA (like nem disable), but I am overlooking something similar on the router platform. If anyone knows how this is done, let me know. If not, I'll post back when I figure it out.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
