Hi Eugene, I have tested it with all three modes and works well. The only difference is that with client mode and network-plus the virtual-access interface will inherit the IP address of lo10000.
> > I recently did my tests with DHCP based EzVPN remote router and all I had > to do under the client virtual-template interface was: > > interface Virtual-Template1 type tunnel > no ip address > tunnel mode ipsec ipv4 > > Then when you apply the crypto ipsec client profile to the physical > interfaces the virtual-access interface automatically reads/detects what > physical interface is outside and binds it to itself to be something like > this: > > interface Virtual-Access2 > no ip address > tunnel source Fa0/1 > tunnel mode ipsec ipv4 > But I have to note that I did my tests for network extension mode. Cisco > says the following regarding this: > > http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_esyvpn/configuration/12-4t/sec-easy-vpn-rem.html > > = = = = = = = = = = = = = > In the case of client or network plus mode, Easy VPN creates a loopback > interface and assigns the address that is pushed in mode configuration. To > assign the address of the loopback to the interface, use the ip unnumbered > command (ip unnumbered loopback). In the case of network extension mode, > the virtual access will be configured as ip unnumbered ethernet0 (the bound > interface). > = = = = = = = = = = = = = > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
