Hi guys,

Well, thanks a lot for getting me a swift grip on things! Just one more query: this "reverse-route" thingy? Should we always use it when we work with EzVPN stuff, or can I find a need for it in other VPN scenarios?

Regards,
Kamran Shakil
ITA NDC Operations Engineer
BS(CS) MCSE CGAdmin CCDA CCNA CCNP CCDP CS-CFEDS CS-CIPCES CS-CIPCCES CS-CWALANDS CCIE-Sec.
MidEast Data Systems LLC
Oman
Cell: + 968 95804126
Office: + 968 24576640
http://www.mynameise.com/kamranshakil77

-----Original Message-----
From: Kingsley Charles [mailto:[email protected]]
Sent: Thu 11/25/2010 6:28 PM
To: Vybhav Ramachandran
Cc: Kamran Shakil; [email protected]
Subject: Re: [OSL | CCIE_Security] VPN queries (2)

Irrespective of whether network extension mode or client mode is used, if split tunneling is not enabled, all traffic from the client will go to the server and then come back to the Internet.

With regards
Kings

On Thu, Nov 25, 2010 at 7:15 PM, Vybhav Ramachandran <[email protected]> wrote:

> Hello Kamran,
>
> 1) Split tunnelling is possible even when using client mode. To check, I
> labbed it up now and I am able to successfully split access to the IPSec
> tunnel. Just follow the usual configuration and you will see that it works.
> If you want, I could send you a sample server and client config. P.S.: Remember
> to configure "*reverse-route*" under the EZVPN server configuration,
> otherwise the server cannot send traffic to the client even after the VPN
> tunnel has been established.
>
> 2) Using network-plus (or Network extension plus), when the client
> connects to the EzVPN server, the following things happen.
>
> - The client is assigned an IP address from the pool (just like client
>   mode)
> - The client's network is also added to the routing table of the server
>   (like network extension mode)
> - So effectively, if you look at the crypto ipsec sa's which are
>   formed, network plus is a combination of both network extension and client
>   modes of operation.
> - The advantage of this mode is that if, for some reason, the
>   network behind the client becomes unreachable, the server can at least use
>   the IP assigned to the client to check if the IPSec tunnel is up and
>   running.
> - You can find some good material on this HERE ->
>
> http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_rem_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1046206
>
> Hope this helps.
>
> Cheers,
> TacACK
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
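
The following Cisco IOS Easy VPN server configuration is an added example, not part of the original thread and not the sample config offered in it; it shows where the split-tunnel ACL and `reverse-route` discussed above are configured. All names, addresses, keys and interface numbers are constructed lab placeholders.

```cisco
! Constructed lab values throughout: names, addresses, keys, interfaces.
aaa new-model
aaa authentication login EZ-XAUTH local
aaa authorization network EZ-GROUPS local
username labuser secret CONSTRUCTED-PASSWORD
!
crypto isakmp policy 10
 encr aes
 hash sha
 authentication pre-share
 group 2
!
! Pool handed out in client mode and in network-plus mode.
ip local pool EZ-POOL 10.10.10.1 10.10.10.50
!
! Split-tunnel ACL: only traffic to 192.168.1.0/24 is sent into the tunnel.
! Without the "acl" line in the group, all client traffic goes to the server.
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
crypto isakmp client configuration group EZ-GROUP
 key CONSTRUCTED-KEY
 pool EZ-POOL
 acl 100
!
crypto ipsec transform-set EZ-TS esp-aes esp-sha-hmac
!
! reverse-route installs a static route on the server for each connected
! client (assigned address and/or the network behind it), so return
! traffic is routed back through the interface carrying the crypto map.
crypto dynamic-map EZ-DYN 10
 set transform-set EZ-TS
 reverse-route
!
crypto map EZ-MAP client authentication list EZ-XAUTH
crypto map EZ-MAP isakmp authorization list EZ-GROUPS
crypto map EZ-MAP client configuration address respond
crypto map EZ-MAP 10 ipsec-isakmp dynamic EZ-DYN
!
interface FastEthernet0/0
 crypto map EZ-MAP
!
! After a client connects, check the injected routes and the SAs with:
!   show ip route static
!   show crypto ipsec sa
```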
