From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Sun Dec 03 2006 - 04:47:23 ART
NVI is new 12.3(T) feature, which is activated every time you configure NAT.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a008041d91a.html
With ezVPN Remote in Client mode, NAT configuration is engaged
*automatically*,
to translate (PAT) inside interface addresses, into ezVPN configured IP
address.
You can vefiry this issuing "show ip nat statistics" command.
HTH
2006/12/3, Lab Rat #109385382 <techlist01@gmail.com>:
>
> It's not configured on the client, but as the server is a PIX, it is
> configured by default there.
>
> So, if NAT is configured on the server (Router, PIX, VPN-C), then it will
> issue a NVI to the remote automatically? No special configuration
> necessary?
>
> Thanks for the link...I'll check it out
>
>
> -----Original Message-----
> From: David Prall [mailto:dcp@dcptech.com]
> Sent: Saturday, December 02, 2006 5:46 PM
> To: 'Lab Rat #109385382'; security@groupstudy.com; 'Cisco certification';
> cisco@groupstudy.com
> Subject: RE: EZVPN Question...my imagination?
>
> It's the NAT Virtual Interface. So I'll assume that you have NAT
> configured.
>
>
> http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guid
> e09186a008041d91a.html
>
> David
>
> --
> David C Prall dcp@dcptech.com http://dcp.dcptech.com
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Lab Rat #109385382
> > Sent: Saturday, December 02, 2006 8:08 PM
> > To: security@groupstudy.com; Cisco certification; cisco@groupstudy.com
> > Subject: EZVPN Question...my imagination?
> >
> > Why is it that sometimes it seems, when doing EZVPN with a router as a
> > remote, I get the "Interface NVI0" created and other times I don't?
> >
> >
> >
> > Like right now, I'm getting that dynamic interface created on the
> > remote router (which is taken from an address of the Local Pool on the
> > server).
> > However, earlier today, when using a router as the server, I did not
> > get this interface created on the remote router although the tunnel
> > did in fact connect.
> >
> >
> >
> > Is it my imagination, or this there a specific behavioral difference
> > between using a Router as an EZVPN server versus a PIX as an EZVPN
> > server?
> >
> >
> >
> > The only thing I can think of that I did differently was on the PIX I
> > enforced User Authentication.does that do it?
> >
> >
> >
> > Thanks,
> >
> > Eddie
> >
> > ______________________________________________________________
> > _________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Petr Lapukhov, CCIE #16379 petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344
This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:36 ART