Hi all,

The following is how our lab will usually be for EzVPN:

10.20.30.0/24 ----- EzVPN client -------------- switch -------------- EzVPN server -------------- 20.10.30.0/24

In the case of legacy EzVPN (without virtual templates), do we need to configure routes for the remote subnets?

For the case of VTI-based EzVPN, the following will happen after the tunnel comes up:

- On the client, a default route or a route to the split-tunnel networks will be added to the routing table with the virtual-access interface.
- When the client connects in client mode, on the server, a route to the pool address that has been leased to the client will be added to the routing table with virtual access.
- When the client connects in network-extension mode, on the server, a route to the network behind will be added to the routing table with virtual access.

Hence, with the topology that I have given, you don't need routing protocols or static routes for 10.20.30.0/24 and 20.10.30.0/24 on the client and server respectively.

For legacy, i.e., non-VTI-based EzVPN, the routes are not added to the routing table, i.e., if you issue "sh ip route" you can't see the routes but they are routed. The only case to add the route is when the local pool falls in the same subnet as the local network of the server, and hence we need to add static routes on the server.

Please correct/add your comments on the way the legacy EzVPN handles the routes for the remote subnet.

With regards,
Kings
