![]() ![]()
Cisco does make some assumptions about the NAT/PAT configuration, though, as follows: The only requirement is that the Remote act as a DHCP server for its internal devices. EASYVPN NETWORK EXTENSION DUPLICAT SUBNETS SOFTWARECisco Easy VPN software will do this automatically. Because of the word "easy" in Easy VPN, you don't have to set up NAT or PAT on the Remote device. The main limitation of client mode is that devices behind the Easy VPN Server can't initiate connections to devices behind the client-mode Remote in this case, you would use network extension mode. Easy VPN Remote with Client and Network Extension Modes ![]() If you recall from Chapter 3, in client mode, the Easy VPN Remote is assigned a single internal IP address all devices behind the Remote have PAT performed on them by the Remote to send their traffic across the IPsec tunnel.įigure 18-2. Both support client and network extension modes, as shown in Figure 18-2. However, don't expect any help from the Cisco TAC if you have a problem with an unsupported Remote router client.Ĭisco Easy VPN Remote routers are more similar to Cisco 3002 hardware clients. I've successfully set up 36 routers as Remotes. EASYVPN NETWORK EXTENSION DUPLICAT SUBNETS SERIESThese advantages allow you to deploy a large number of Remotes quickly and easily.Įven though Cisco officially supports Remote functionality on the 800, ubr900, and 1700 series routers, the Remote commands work on other routers. Policies are defined on an Easy VPN Server and pushed down to the Remote during IKE Mode Config. In other words, there are very few commands you need to configure to set up a router as an Easy VPN Remote.Ĭisco accomplishes this by using the same process used with the Cisco VPN Client software: hiding all of the IPsec details from the user. Because of this complication and because administrators at remote offices might not be very Cisco-savvy at configuring IPsec sessions, Cisco has simplified the configuration for Easy VPN Remote devices. As you saw in the last section, setting up an Easy VPN Server on a router from the CLI is not the simplest process in the world. This was introduced in IOS 12.2(4)YA and 12.2(13)T. These routers include the 800, ubr900, and 1700 series routers. Besides supporting the Easy VPN Server function, certain routers also can be Easy VPN Remotes. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |