Agreed. Thanks Kings! On Fri, Jun 22, 2012 at 8:00 PM, Kingsley Charles < [email protected]> wrote:
> On the Server, you need ip unnumbered configured. On the client side, it > is not required. > > > With regards > Kings > > On Sat, Jun 23, 2012 at 1:24 AM, Imre Oszkar <[email protected]> wrote: > >> Hi guys! >> >> I know this is an old post and it has been answered, but I would like to >> bring it back to discussion if you don't mind. >> >> So we know that ip address is a requirement for EZVPN Remote for routing >> purposes which is great, but do we really need the "ip unnumbered lo0" or >> similar configured on the client virtual template?? I think the the answer >> could be very important when you need to find EZVPN injected faults in the >> config. >> >> Here is my config: >> >> Server: >> crypto isakmp policy 10 >> encr 3des >> authentication pre-share >> group 2 >> crypto isakmp client configuration group EZ >> key cisco >> pool remote >> acl split >> save-password >> crypto isakmp profile EZ >> match identity group EZ >> client authentication list EZ >> isakmp authorization list EZ >> client configuration address respond >> virtual-template 1 >> >> crypto ipsec transform-set ESP3DES esp-3des esp-sha-hmac >> crypto ipsec profile EZ_PROFILE >> set transform-set ESP3DES >> set isakmp-profile EZ >> >> interface Virtual-Template1 type tunnel >> ip unnumbered Loopback23 >> tunnel mode ipsec ipv4 >> tunnel protection ipsec profile EZ_PROFILE >> >> ip access-list extended split >> permit ip 1.1.1.0 0.0.0.255 any >> >> ip local pool remote 20.0.0.1 20.0.0.10 >> >> >> Remote: >> >> crypto ipsec client ezvpn EZVPN >> connect manual >> group EZ key cisco >> mode network-extension >> peer 8.9.56.6 >> virtual-interface 1 >> username cisco password cisco >> xauth userid mode local >> >> interface Virtual-Template1 type tunnel >> no ip address >> tunnel mode ipsec ipv4 >> >> >> >> >> >> >> >> >> >>> Hello, >>> >>> This might be a silly question, but I'm having a hard time wrapping my >>> head around why in most EZ-VPN remote examples the virtual-template >>> interface is usually configured with "ip unnumbered lo0" or similar. >>> Is there a reason for this configuration? Does the virtual-access >>> tunnel interface that gets cloned from the virtual-template require an >>> IP address or something? >>> >>> -- >>> Regards, >>> >>> Joe Astorino >>> CCIE #24347 >>> http://astorinonetworks.com >>> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
