For ASA and IOS VTI based EzVPN, it is not required, they are added automatically.
For legacy EzVPN, you need to add. But I have seen adding there sometimes too.

With regards
Kings

On Thu, Nov 25, 2010 at 10:07 PM, Kamran Shakil <[email protected]> wrote:

> Hi Guys.
>
> Well. thanks a lot to get me a swift grip of the things! Well, just 1 more
> query, "this reverse-route" thingy ? well, shall we use it always when we
> work with EzVPN stuff, or I can find a need for it in other VPN scenarios ????
>
> regards,
>
> Kamran Shakil
> ITA NDC Operations Engineer
> BS(CS) MCSE CGAdmin CCDA CCNA
> CCNP CCDP CS-CFEDS CS-CIPCES
> CS-CIPCCES CS-CWALANDS CCIE-Sec.
> MidEast Data Systems LLC Oman
> Cell: + 968 95804126
> Office: + 968 24576640
> http://www.mynameise.com/kamranshakil77
>
> Confidentiality Warning:
> "This message and any attachments are intended only for the use of the
> intended recipient(s), are confidential, and may be privileged. If you are
> not the intended recipient, you are hereby notified that any review,
> retransmission, conversion to hard copy, copying, circulation or other use
> of all or any portion of this message and any attachments is strictly
> prohibited. If you are not the intended recipient, please notify the sender
> immediately by return e-mail, and delete this message and any attachments
> from your system."
>
> -----Original Message-----
> From: Kingsley Charles [mailto:[email protected]]
> Sent: Thu 11/25/2010 6:28 PM
> To: Vybhav Ramachandran
> Cc: Kamran Shakil; [email protected]
> Subject: Re: [OSL | CCIE_Security] VPN queries (2)
>
> Irrespective of whether network extension mode or client mode is used, if
> split tunneling is not enabled, all traffic from client will go to server
> and then come back to Internet.
>
> With regards
> Kings
>
> On Thu, Nov 25, 2010 at 7:15 PM, Vybhav Ramachandran <[email protected]> wrote:
>
> > Hello Kamran,
> >
> > 1) Split tunnelling is possible even when using client mode. To check, I
> > labbed it up now and I am able to successfully split access to the IPSec
> > tunnel. Just follow the usual configuration and you will see that it works.
> > If you want, I could send you a sample server, client config. P.S.: Remember
> > to configure "*reverse-route*" under the EZVPN server configuration,
> > otherwise the server cannot send traffic to the client even after the VPN
> > tunnel has been established.
> >
> > 2) Using network-plus (or Network extension plus), when the client
> > connects to the ezvpn server, the following things happen.
> >
> > - The client is assigned an IP address from the pool (just like client
> >   mode)
> > - The client's network is also added to the routing table of the server
> >   (like network extension mode)
> > - So effectively, if you look at the crypto ipsec sa's which are
> >   formed, network plus is a combination of both network extension and
> >   client modes of operation.
> > - The advantage of this mode is if, because of some reason, the
> >   network behind the client becomes unreachable, the server can at least
> >   use the IP assigned to the client to check if the IPSec tunnel is up and
> >   running.
> > - You can find some good material on this HERE ->
> >   http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_rem_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1046206
> >
> > Hope this helps.
> >
> > Cheers,
> > TacACK
> >
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training, please
> > visit www.ipexpert.com
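The two settings discussed in this thread, shown together as an added example that is not from any of the posters: a legacy (crypto-map based) IOS EzVPN server with `reverse-route` on the dynamic map and a split-tunnel ACL pushed to the client group. All names, addresses, the interface and the bracketed secrets are constructed placeholders.

```cisco
! Constructed lab example: legacy EzVPN server on IOS (not from the thread)
aaa new-model
aaa authentication login EZ_AUTHEN local
aaa authorization network EZ_AUTHOR local
username ezuser secret <user-password>
!
! Addresses handed to clients in client mode / network-extension-plus
ip local pool EZ_POOL 10.99.0.1 10.99.0.50
!
! Split tunnel: only traffic to this protected subnet enters the tunnel.
! Without the "acl" line below, all client traffic is sent to the server.
ip access-list extended EZ_SPLIT
 permit ip 192.168.10.0 0.0.0.255 any
!
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
!
crypto isakmp client configuration group EZ_GROUP
 key <group-key>
 pool EZ_POOL
 acl EZ_SPLIT
!
crypto ipsec transform-set EZ_TS esp-aes esp-sha-hmac
!
! reverse-route installs a static route toward each connected client
! (pool address or client LAN) so return traffic is routed into the tunnel.
crypto dynamic-map EZ_DYN 10
 set transform-set EZ_TS
 reverse-route
!
crypto map EZ_MAP client authentication list EZ_AUTHEN
crypto map EZ_MAP isakmp authorization list EZ_AUTHOR
crypto map EZ_MAP client configuration address respond
crypto map EZ_MAP 10 ipsec-isakmp dynamic EZ_DYN
!
interface FastEthernet0/0
 crypto map EZ_MAP
```

After a client connects, `show ip route static` on the server should list the injected route, and `show crypto ipsec sa` shows the proxy identities restricted to the split-tunnel subnet.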
