Yes.
As the VTI is only applied when the VPN is up there is no difference between the two when it is down.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Kingsley Charles [mailto:[email protected]]
Sent: Tuesday, July 27, 2010 1:52 AM
To: Tyson Scott
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] EzVPN client restrict traffic when tunnel is down

Hi Tyson

Thx, that answered my question. Can you please comment on the two below given comments:

* "flow restrict" will restrict all the traffic from the ezvpn inside interface when it is down, right?
* Is the "flow" command applicable to both VTI and non-VTI based EzVPN client?

With regards
Kings

On Mon, Jul 26, 2010 at 10:56 PM, Tyson Scott <[email protected]> wrote:

Volume 2 Lab20. R1 EZVPN Section.

Regards,
Tyson Scott

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Monday, July 26, 2010 6:43 AM
To: [email protected]
Subject: [OSL | CCIE_Security] EzVPN client restrict traffic when tunnel is down

Hi all

Has anyone tried testing the functionality of the following commands of IOS EzVPN client? These commands actually restrict the client in sending traffic in clear text when the tunnel is down.

flow restrict - completely restricts the traffic from interface configured from "crypto ipsec client ezvpn king inside"
flow allow acl - allows only the traffic specified in the ACL

The traffic still goes in clear text when tunnel is down for me. Any thoughts?

If it is working for you, can you please send me the working config.

With regards
Kings
