EZVPN Questions

dwalsh
Level 1

Hello,

I'd like to get some better information on how EZVPN works. Just some more information in general, but here's a specific question:

We have one central site with a static IP address. We have a few sites that have dynamic addresses (cable, DSL, etc.). One problem I've been unable to overcome is how to set up a site-to-site VPN with these remote sites and their changing IPs. Then it occurred to me, perhaps I could use EZVPN. My limited understanding is that EZVPN is just like a client VPN that is actually initiated by the remote device, instead of the user at his/her PC. So, would this work to get around the changing IPs?

Also, connectivity would have to be able to be initiated from either side (i.e. started from HQ to the remote site and from the remote site to HQ).

Any help or suggestions on EZVPN would be welcome.

Thanks,

Dave

3 Replies

Aaron Harrison
VIP Alumni

Hi Dave...

A few pointers for you...

EzVPN sounds like the way forward for you - it does indeed work just like a VPN client. There are two modes you can put the client device in (network extension mode and client mode). If you put it in client mode, the tunnel is brought up when traffic from the client demands it, and all devices behind the device will be NATed to the IP address assigned to the client from the IP pool configured on the headend device.

The other mode (network extension) is what you will want. In this mode the tunnel is brought up and kept up whenever the device is on. The config is very similar except for the command that sets the network-extension mode. The client device seems to register its internal subnet with the headend; you just need to route traffic destined for the client device subnet to the headend device and you're away...

There are plenty of example configs on cisco.com if you search for ezvpn network extension or something similar..

Regards

Aaron


Hi Aaron,

Thanks a lot for your information. Just one more question, if you don't mind:

I'm of the understanding that if you set up an EzVPN, then you can't NAT/PAT out from the remote location. I think this is because it sets up its own NAT/PATs to route traffic back to the head-end. If that's the case, how can they NAT their traffic going to the Internet (i.e. not back to HQ) in a split-tunnel scenario?

NOTE: We're using PIXes for the VPN devices right now, but we may want to throw in a spare 831 router as well.

Thanks,

Dave

Hi,

The split-tunneling will be done at the client end itself. So, by default, whatever NAT/PAT you have configured for the outside interface at the client will be applied to your Internet traffic.

The VPN server at the remote end will not do any NAT/PAT.

Regards

aashish C
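To tie the two answers together (network-extension mode as Aaron describes it, and NAT for split-tunnelled Internet traffic on the remote as aashish describes), here is a constructed Cisco IOS example for the HQ headend and for a remote 831. It is an added illustration, not configuration from any of the posters or from Cisco documentation; the addresses (203.0.113.1 for HQ, 10.0.0.0/16 for the HQ LAN, 192.168.10.0/24 for the branch), the group, ACL, map and profile names, the interface names and the pre-shared key are all placeholders, and the PIX syntax for the same thing is different.

```cisco
! ---- HQ headend (Cisco IOS, static public IP 203.0.113.1 assumed) ----
aaa new-model
aaa authorization network EZVPN-AUTHOR local
!
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 2
!
! Group the remote routers authenticate to; name and key are placeholders.
! The "acl" line pushes the split-tunnel list to each remote.
crypto isakmp client configuration group REMOTE-SITES
 key REPLACE-WITH-A-STRONG-PSK
 acl SPLIT-TUNNEL
!
crypto isakmp profile EZVPN-PROF
 match identity group REMOTE-SITES
 isakmp authorization list EZVPN-AUTHOR
 client configuration address respond
!
crypto ipsec transform-set AES256-SHA esp-aes 256 esp-sha-hmac
!
! A dynamic map because the remotes' public IPs are unknown (no "set peer").
! "reverse-route" injects a static route to each remote's LAN when its
! tunnel comes up, which is the routing step Aaron mentions.
crypto dynamic-map EZVPN-DYN 10
 set transform-set AES256-SHA
 set isakmp-profile EZVPN-PROF
 reverse-route
!
crypto map EZVPN-MAP 10 ipsec-isakmp dynamic EZVPN-DYN
!
! Only traffic to the HQ LAN goes through the tunnel; the rest stays local.
ip access-list extended SPLIT-TUNNEL
 permit ip 10.0.0.0 0.0.255.255 any
!
interface FastEthernet0/0
 description Internet
 ip address 203.0.113.1 255.255.255.248
 crypto map EZVPN-MAP

! ---- Remote site (Cisco 831, DHCP address from the ISP assumed) ----
crypto ipsec client ezvpn HQ
 connect auto
 group REMOTE-SITES key REPLACE-WITH-A-STRONG-PSK
 mode network-extension
 peer 203.0.113.1
!
interface Ethernet1
 description Internet (dynamic address)
 ip address dhcp
 ip nat outside
 crypto ipsec client ezvpn HQ
!
! Each remote needs its own, non-overlapping LAN subnet so the
! reverse-route entries at HQ are unambiguous.
interface Ethernet0
 description Branch LAN
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 crypto ipsec client ezvpn HQ inside
!
! PAT only for Internet-bound traffic: HQ-bound traffic is explicitly
! denied from translation so it enters the tunnel with its real
! 192.168.10.0/24 source and is routable from the HQ side.
ip access-list extended NAT-INTERNET
 deny   ip 192.168.10.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list NAT-INTERNET interface Ethernet1 overload
!
ip route 0.0.0.0 0.0.0.0 dhcp
```

Two practical notes. First, on the "either side must be able to initiate" requirement: the headend cannot start a tunnel toward a remote whose address it does not know, so the remote must bring the tunnel up; with "connect auto" in network-extension mode it stays up while the 831 is powered, and once it is up HQ-originated traffic to 192.168.10.0/24 simply follows the reverse-route entry into the tunnel. Second, the explicit deny in NAT-INTERNET is a conservative choice; check with "show ip nat translations" and "show crypto ipsec client ezvpn" on the 831, because the exact interaction between the Easy VPN Remote feature and NAT depends on the IOS release.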