Hi guys! I know this is an old post and it has been answered, but I would like to bring it back to discussion if you don't mind.
So we know that ip address is a requirement for EZVPN Remote for routing purposes which is great, but do we really need the "ip unnumbered lo0" or similar configured on the client virtual template?? I think the the answer could be very important when you need to find EZVPN injected faults in the config. Here is my config: Server: crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp client configuration group EZ key cisco pool remote acl split save-password crypto isakmp profile EZ match identity group EZ client authentication list EZ isakmp authorization list EZ client configuration address respond virtual-template 1 crypto ipsec transform-set ESP3DES esp-3des esp-sha-hmac crypto ipsec profile EZ_PROFILE set transform-set ESP3DES set isakmp-profile EZ interface Virtual-Template1 type tunnel ip unnumbered Loopback23 tunnel mode ipsec ipv4 tunnel protection ipsec profile EZ_PROFILE ip access-list extended split permit ip 1.1.1.0 0.0.0.255 any ip local pool remote 20.0.0.1 20.0.0.10 Remote: crypto ipsec client ezvpn EZVPN connect manual group EZ key cisco mode network-extension peer 8.9.56.6 virtual-interface 1 username cisco password cisco xauth userid mode local interface Virtual-Template1 type tunnel no ip address tunnel mode ipsec ipv4 > Hello, > > This might be a silly question, but I'm having a hard time wrapping my > head around why in most EZ-VPN remote examples the virtual-template > interface is usually configured with "ip unnumbered lo0" or similar. > Is there a reason for this configuration? Does the virtual-access > tunnel interface that gets cloned from the virtual-template require an > IP address or something? > > -- > Regards, > > Joe Astorino > CCIE #24347 > http://astorinonetworks.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
