Guys,
I just wanted to clear my concept here about EZVPN and am asking for your
help and feedback.
I did a Google search and did not find direct answers, so it is still not
clear.
Question-1:
!
EZVPN SERVER ROUTER:
!
crypto isakmp profile ISAP
match identity group EZC
client authentication list LAUTHEN
isakmp authorization list LAUTHOR
client configuration address respond
virtual-template 1
!
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
!
crypto ipsec profile IPSP
set transform-set TSET
set reverse-route distance 50
set isakmp-profile ISAP <<< Why do we use this command here,
since it works without this command? >>>
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSP
!
Question-2:
I did not use the virtual-template on the client router but used it on the
server above. Why do we need virtual-template for EZVPN when it works
without it?
!
EZVPN CLIENT ROUTER:
!
interface Loopback11
ip address 10.11.11.11 255.255.255.0
crypto ipsec client ezvpn EZVPN inside
!
interface FastEthernet0/0
ip address 192.1.12.1 255.255.255.0
duplex auto
speed auto
crypto ipsec client ezvpn EZVPN
!
Crypto ipsec client ezvpn EZVPN
username R1 pass CISCO <<< Cisco documentation shows that we can use this
command for automated login, but it does not work for some reason. Any
suggestions? >>>
!
Question-3:
Why do we need to permit ESP when IPSec works without it for my EZVPN test?
!
access-list Inbound extended permit udp host 192.1.12.1 host 192.1.10.3 eq isakmp
access-list Inbound extended permit esp host 192.1.10.1 host 192.1.12.3
!
access-group Inbound in int Outside
!
Received on Wed Oct 20 2010 - 17:36:50 ART