Hello Kamran,

1) Split tunnelling is possible even when using client mode. To check, I
labbed it up now and I am able to successfully split access to the IPSec
tunnel. Just follow the usual configuration and you will see that it works.
If you want, I could send you a sample server and client config. P.S.: Remember
to configure "*reverse-route*" under the EZVPN server configuration,
otherwise the server cannot send traffic to the client even after the VPN
tunnel has been established.

2) Using network-plus (or Network extension plus), when the client
connects to the EZVPN server, the following things happen:

   - The client is assigned an IP address from the pool (just like client
   mode).
   - The client's network is also added to the routing table of the server
   (like network extension mode).
   - So effectively, if you look at the crypto ipsec SAs which are formed,
   network plus is a combination of both network extension and client modes of
   operation.
   - The advantage of this mode is that if, for some reason, the network
   behind the client becomes unreachable, the server can at least use the IP
   assigned to the client to check if the IPSec tunnel is up and running.
   - You can find some good material on this here:
   http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_rem_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1046206

Hope this helps.

Cheers,
TacACK
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com
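
An added illustration of the setup discussed in the message above (split tunnelling, `reverse-route` on the server, and `mode network-plus` on the client); it is not the poster's lab configuration. All names, addresses, interface numbers and the ACL are constructed assumptions, and the key is a placeholder.

```cisco
! ---- Easy VPN server (constructed example) ----
aaa new-model
aaa authorization network EZ-AUTHOR local
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
ip local pool EZ-POOL 10.99.0.1 10.99.0.50
! Split-tunnel ACL: only traffic to this (assumed) server-side LAN is tunnelled
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
crypto isakmp client configuration group EZ-GROUP
 key <PLACEHOLDER-GROUP-KEY>
 pool EZ-POOL
 acl 101
!
crypto ipsec transform-set EZ-TS esp-aes esp-sha-hmac
!
crypto dynamic-map EZ-DYN 10
 set transform-set EZ-TS
 ! Installs a route back to the client once the SAs are up
 reverse-route
!
crypto map EZ-MAP client configuration address respond
crypto map EZ-MAP isakmp authorization list EZ-AUTHOR
crypto map EZ-MAP 10 ipsec-isakmp dynamic EZ-DYN
!
interface FastEthernet0/0
 crypto map EZ-MAP
!
! ---- Easy VPN remote / client (constructed example) ----
crypto ipsec client ezvpn EZ-CLIENT
 connect auto
 group EZ-GROUP key <PLACEHOLDER-GROUP-KEY>
 ! Pool-assigned address plus the inside LAN, as described in point 2
 mode network-plus
 peer 203.0.113.1
!
interface FastEthernet0/0
 crypto ipsec client ezvpn EZ-CLIENT outside
!
interface FastEthernet0/1
 crypto ipsec client ezvpn EZ-CLIENT inside
```

With split tunnelling enabled, client traffic that does not match ACL 101 leaves directly through the client's own uplink and bypasses any filtering or logging at the server site. After the tunnel comes up, `show crypto ipsec sa` on the server is where the SAs mentioned in point 2 can be checked.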
