Hello, I was labbing this up today with an IOS EZVPN server. I have a simple question. Documentation suggests that we are REQUIRED to have a few specific Cisco A/V pairs defined as well as specific IETF A/V pairs with our base configuration. Notably:
IETF A/V Pairs Required ------------------------- Service-Type=”Outbound” Tunnel-Type=”IP ESP” Tunnel-Password=”PSK" Cisco AV Pairs Required ------------------------ ipsec:tunnel-type=ESP ipsec:key-exchange=IKE When configuring this feature, I totally skipped defining the "required" Cisco AV pairs above. I only defined the IETF pairs, then put the rest of my normal EZVPN group configuration under the Cisco AV Pairs (ipsec:inacl, ipsec:addr-pool, etc...). This seemed to work just fine, so I am wondering about this. It does not seem like you must configure the Cisco AV pairs that are said to be required. Is this correct, and if so why? -- Regards, Joe Astorino CCIE #24347 http://astorinonetworks.com "He not busy being born is busy dying" - Dylan _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
