Re: network extension mode vs client mode

From: Tarun Pahuja (pahujat@gmail.com)
Date: Mon May 21 2007 - 21:02:14 ART

• Next message: Tarun Pahuja: "Re: transparent mode"
• Previous message: Edison Ortiz: "Re: Removing running-config"
• Maybe in reply to: Peter Svidler: "network extension mode vs client mode"
• Next in thread: Peter Svidler: "RE: network extension mode vs client mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Peter,
          Ezvpn can be a tricky topic. NAT is supported by both modes( NEM &
CEM). In Network extention mode the split-tunneling list defined on the head
end Device dictates what traffic would be NATed. Ofcourse, If
split-tunneling is disabled in NEM,no traffic would get NATed.

In NEM the IPSec tunnel can be initiated from either side which can be
kept up all the time(Special consideration is required to achieve it). In
(Network-Mode Plus) you can even request for an IP address via mode
configuration and automatically assign it to an available loopback
interface. The IPsec SAs for this IP address are automatically created by
Easy VPN Remote. The IP address is typically used for troubleshooting.

Hope this Helps.

Tarun Pahuja
CCIE #7707(R&S,Security,SP,Voice,Storage)

On 5/21/07, Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
>
> The difference is NAT. With client mode all traffic from the
> inside ezvpn interface is port address translated to the address
> negotiated from the ezvpn configuration. With network extension mode no
> NAT is applied, so the ezvpn server does not need to lease an address
> out to the client via mode-cfg, and the server needs a route back to all
> source networks that the client is sending traffic from.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593 (R&S/SP)
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Peter Svidler
> Sent: Monday, May 21, 2007 3:29 PM
> To: ccielab@groupstudy.com; security@groupstudy.com
> Subject: network extension mode vs client mode
>
> guys ;
> I am trying to understand the differences between those two modes used
> with ezvpn ...if someone can highlight the differences between the two
> modes , things like when to use each mode, do i have to use NAT or not ?
> and with NEM do i have to use split tunneling ?
>
>
>
>
> thanks in advance
>
>
>
> ---------------------------------
> Be a better Heartthrob. Get better relationship answers from someone who
> knows.
> Yahoo! Answers - Check it out.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Tarun Pahuja: "Re: transparent mode"
• Previous message: Edison Ortiz: "Re: Removing running-config"
• Maybe in reply to: Peter Svidler: "network extension mode vs client mode"
• Next in thread: Peter Svidler: "RE: network extension mode vs client mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:21 ART