On the Server, you need ip unnumbered configured. On the client side, it is not required.
With regards
Kings

On Sat, Jun 23, 2012 at 1:24 AM, Imre Oszkar <[email protected]> wrote:

> Hi guys!
>
> I know this is an old post and it has been answered, but I would like to
> bring it back to discussion if you don't mind.
>
> So we know that ip address is a requirement for EZVPN Remote for routing
> purposes which is great, but do we really need the "ip unnumbered lo0" or
> similar configured on the client virtual template?? I think the answer
> could be very important when you need to find EZVPN injected faults in the
> config.
>
> Here is my config:
>
> Server:
> crypto isakmp policy 10
>  encr 3des
>  authentication pre-share
>  group 2
> crypto isakmp client configuration group EZ
>  key cisco
>  pool remote
>  acl split
>  save-password
> crypto isakmp profile EZ
>  match identity group EZ
>  client authentication list EZ
>  isakmp authorization list EZ
>  client configuration address respond
>  virtual-template 1
>
> crypto ipsec transform-set ESP3DES esp-3des esp-sha-hmac
> crypto ipsec profile EZ_PROFILE
>  set transform-set ESP3DES
>  set isakmp-profile EZ
>
> interface Virtual-Template1 type tunnel
>  ip unnumbered Loopback23
>  tunnel mode ipsec ipv4
>  tunnel protection ipsec profile EZ_PROFILE
>
> ip access-list extended split
>  permit ip 1.1.1.0 0.0.0.255 any
>
> ip local pool remote 20.0.0.1 20.0.0.10
>
>
> Remote:
>
> crypto ipsec client ezvpn EZVPN
>  connect manual
>  group EZ key cisco
>  mode network-extension
>  peer 8.9.56.6
>  virtual-interface 1
>  username cisco password cisco
>  xauth userid mode local
>
> interface Virtual-Template1 type tunnel
>  no ip address
>  tunnel mode ipsec ipv4
>
>> Hello,
>>
>> This might be a silly question, but I'm having a hard time wrapping my
>> head around why in most EZ-VPN remote examples the virtual-template
>> interface is usually configured with "ip unnumbered lo0" or similar.
>> Is there a reason for this configuration? Does the virtual-access
>> tunnel interface that gets cloned from the virtual-template require an
>> IP address or something?
>>
>> --
>> Regards,
>>
>> Joe Astorino
>> CCIE #24347
>> http://astorinonetworks.com
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
