Irrespective of whether network extension mode or client mode is used, if
split tunneling is not enabled, all traffic from the client will go to the
server and then come back to the Internet.

With regards
Kings

On Thu, Nov 25, 2010 at 7:15 PM, Vybhav Ramachandran <[email protected]> wrote:

> Hello Kamran,
>
> 1) Split tunnelling is possible even when using client mode. To check, I
> labbed it up now and I am able to successfully split access to the IPSec
> tunnel. Just follow the usual configuration and you will see that it works.
> If you want, I could send you a sample server, client config. P.S.: Remember
> to configure "*reverse-route*" under the EZVPN server configuration,
> otherwise the server cannot send traffic to the client even after the VPN
> tunnel has been established.
>
> 2) Using network-plus (or Network extension plus), when the client
> connects to the ezvpn server, the following things happen.
>
>    - The client is assigned an IP address from the pool (just like client
>    mode)
>    - The client's network is also added to the routing table of the server
>    (like network extension mode)
>    - So effectively, if you look at the crypto ipsec sa's which are
>    formed, network plus is a combination of both network extension and client
>    modes of operation.
>    - The advantage of this mode is that if, for some reason, the
>    network behind the client becomes unreachable, the server can at least use
>    the IP assigned to the client to check if the IPSec tunnel is up and
>    running.
>    - You can find some good material on this here:
>    http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_rem_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1046206
>
> Hope this helps.
>
> Cheers,
> TacACK
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
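
A minimal Cisco IOS sketch of the setup discussed in this thread: split tunneling on the Easy VPN server, reverse-route, and a remote in network-plus mode. It is an added example, not a configuration posted by either participant; every name, address, ACL number and interface is constructed, the key is a placeholder, and the local user accounts for Xauth are omitted.

```cisco
! Added example; all names, addresses and ACL numbers are constructed.
! --- Easy VPN server ---
aaa new-model
aaa authentication login EZ_AUTHEN local
aaa authorization network EZ_AUTHOR local
!
ip local pool EZ_POOL 10.99.0.1 10.99.0.50
!
! Split-tunnel list: only traffic to 10.1.0.0/16 is sent through the tunnel.
access-list 150 permit ip 10.1.0.0 0.0.255.255 any
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
!
crypto isakmp client configuration group EZ_GROUP
 key <GROUP-KEY-PLACEHOLDER>
 pool EZ_POOL
 ! Without "acl 150" the client tunnels all traffic, Internet-bound included.
 acl 150
!
crypto ipsec transform-set EZ_TS esp-aes 256 esp-sha-hmac
!
crypto dynamic-map EZ_DYN 10
 set transform-set EZ_TS
 ! Installs static routes on the server toward each connected client.
 reverse-route
!
crypto map EZ_MAP client authentication list EZ_AUTHEN
crypto map EZ_MAP isakmp authorization list EZ_AUTHOR
crypto map EZ_MAP client configuration address respond
crypto map EZ_MAP 10 ipsec-isakmp dynamic EZ_DYN
!
interface GigabitEthernet0/0
 crypto map EZ_MAP
!
! --- Easy VPN remote (client router) ---
crypto ipsec client ezvpn EZ_CLIENT
 connect auto
 group EZ_GROUP key <GROUP-KEY-PLACEHOLDER>
 mode network-plus
 peer 192.0.2.1
 xauth userid mode interactive
!
interface GigabitEthernet0/0
 crypto ipsec client ezvpn EZ_CLIENT outside
interface GigabitEthernet0/1
 crypto ipsec client ezvpn EZ_CLIENT inside
```

On the server, `show crypto ipsec sa` and `show ip route static` show which SAs were formed and which routes reverse-route installed; on the remote, `show crypto ipsec client ezvpn` shows the assigned address and the split-tunnel list it received.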