From: Tarun Pahuja (pahujat@gmail.com)
Date: Wed May 23 2007 - 14:22:27 ART
Peter,
I am Glad I could help.
Thanks,
Tarun Pahuja
CCIE#7707(R&S,Security,SP,Voice,Storage)
On 5/23/07, Peter Svidler <doubleccie@yahoo.com> wrote:
>
> Hi Tarun ;
> Thanks a lot for your explanation , I think i managed to understand it now
>
>
>
>
> *Tarun Pahuja <pahujat@gmail.com>* wrote:
>
> Peter,
> You do not necessarily have to specify NAT/PAT on the client
> router for EzVPN unless you are doing advanced configuration and Yes you
> would have to enable Reverse-route injection on the concentrator to
> propagate the static route created after the tunnel is created to other
> devices in your internal network behind the concentrator.If you are still
> having problems, please contact me offline and I would be more than happy
> to
> help. Please look at the following useful link:
>
>
> http://steve-cisco-exam-review.org/2007/05/09/talk-about-the-mode-of-cisco-easy-vpn-remote/
>
> Thanks,
> Tarun Pahuja
> CCIE#7707(R&S,Security,SP,Voice,Storage)
>
>
> On 5/22/07, Peter Svidler wrote:
> >
> > Thx for the explanation ..a couple of questions though
> >
> > I have an ezvpn client router connecting to VPN3k as server , in client
> > mode , the tunnel gets up and i receive an IP address from the VPN3k (
> the
> > IP is part of the VPN3k private subnet )
> >
> > first question , do i need to explicitly configure PAT on the router ??
> >
> > secondly , from inside PC connecting the router as GW ..i am not able to
> > ping the private subnet of the VPN3k because the router has no idea
> about
> > this subnet ..so do i need to specifically add static route on the
> router to
> > allow it to know about the remote subnet ( althought the interface got
> an IP
> > address from this subnet ..i expected the router to add this route
> > ..something like RRI..but i did not )
> >
> > thanks in advance
> >
> >
> >
> >
> >
> > Brian McGahan wrote:
> > The difference is NAT. With client mode all traffic from the
> > inside ezvpn interface is port address translated to the address
> > negotiated from the ezvpn configuration. With network extension mode no
> > NAT is applied, so the ezvpn server does not need to lease an address
> > out to the client via mode-cfg, and the server needs a route back to all
> > source networks that the client is sending traffic from.
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593 (R&S/SP)
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com <http://www.internetworkexpert.com/>
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Peter Svidler
> > Sent: Monday, May 21, 2007 3:29 PM
> > To: ccielab@groupstudy.com; security@groupstudy.com
> > Subject: network extension mode vs client mode
> >
> > guys ;
> > I am trying to understand the differences between those two modes used
> > with ezvpn ...if someone can highlight the differences between the two
> > modes , things like when to use each mode, do i have to use NAT or not ?
> > and with NEM do i have to use split tunneling ?
> >
> >
> >
> >
> > thanks in advance
> >
> >
> >
> > ---------------------------------
> > Be a better Heartthrob. Get better relationship answers from someone who
> > knows.
> > Yahoo! Answers - Check it out.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> > ---------------------------------
> > You snooze, you lose. Get messages ASAP with AutoCheck
> > in the all-new Yahoo! Mail Beta.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> ------------------------------
> Get the free Yahoo! toolbar<http://us.rd.yahoo.com/evt=48226/*http://new.toolbar.yahoo.com/toolbar/features/norton/index.php>and rest assured with the added security of spyware protection.
This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:22 ART