From: Tarun Pahuja (pahujat@gmail.com)
Date: Tue May 22 2007 - 23:08:31 ART
Peter,
You do not necessarily have to specify NAT/PAT on the client
router for EzVPN unless you are doing advanced configuration and Yes you
would have to enable Reverse-route injection on the concentrator to
propagate the static route created after the tunnel is created to other
devices in your internal network behind the concentrator.If you are still
having problems, please contact me offline and I would be more than happy to
help. Please look at the following useful link:
http://steve-cisco-exam-review.org/2007/05/09/talk-about-the-mode-of-cisco-easy-vpn-remote/ Thanks,
On 5/22/07, Peter Svidler <doubleccie@yahoo.com> wrote:
This archive was generated by hypermail 2.1.4
: Fri Jun 01 2007 - 06:55:21 ART
Tarun Pahuja
CCIE#7707(R&S,Security,SP,Voice,Storage)
>
> Thx for the explanation ..a couple of questions though
>
> I have an ezvpn client router connecting to VPN3k as server , in client
> mode , the tunnel gets up and i receive an IP address from the VPN3k ( the
> IP is part of the VPN3k private subnet )
>
> first question , do i need to explicitly configure PAT on the router ??
>
> secondly , from inside PC connecting the router as GW ..i am not able to
> ping the private subnet of the VPN3k because the router has no idea about
> this subnet ..so do i need to specifically add static route on the router to
> allow it to know about the remote subnet ( althought the interface got an IP
> address from this subnet ..i expected the router to add this route
> ..something like RRI..but i did not )
>
> thanks in advance
>
>
>
>
>
> Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
> The difference is NAT. With client mode all traffic from the
> inside ezvpn interface is port address translated to the address
> negotiated from the ezvpn configuration. With network extension mode no
> NAT is applied, so the ezvpn server does not need to lease an address
> out to the client via mode-cfg, and the server needs a route back to all
> source networks that the client is sending traffic from.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593 (R&S/SP)
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Peter Svidler
> Sent: Monday, May 21, 2007 3:29 PM
> To: ccielab@groupstudy.com; security@groupstudy.com
> Subject: network extension mode vs client mode
>
> guys ;
> I am trying to understand the differences between those two modes used
> with ezvpn ...if someone can highlight the differences between the two
> modes , things like when to use each mode, do i have to use NAT or not ?
> and with NEM do i have to use split tunneling ?
>
>
>
>
> thanks in advance
>
>
>
> ---------------------------------
> Be a better Heartthrob. Get better relationship answers from someone who
> knows.
> Yahoo! Answers - Check it out.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
> ---------------------------------
> You snooze, you lose. Get messages ASAP with AutoCheck
> in the all-new Yahoo! Mail Beta.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html