This issue is seen with an Easy VPN client router connected to a server with a Virtual Tunnel Interface (VTI) and no-split tunneling configured.
If an Easy VPN client is configured with a static route to the Internet, it gets an additional static route out to the VPN when the VPN comes up. The client therefore ends up with two static routes. This breaks the VPN, because the client is unable to control which static route the traffic takes.
This is the correct and expected behavior. With no-split tunneling, all the traffic needs to be protected over the tunnel. Since VTI uses routing in order to decide which traffic must be protected, a default route needs to be installed in the case of no-split tunneling.
Note: Most routers that run the Cisco Easy VPN Client software have a default route configured. The default route that is configured must have a metric value greater than 1. The route points to the virtual access interface, so that all traffic is directed to the corporate network when the concentrator does not "push" the split tunnel attribute.
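The check below is an added example, not part of the original page or Cisco's own tooling: it scans a saved running-config for an Easy VPN client profile in VTI mode and reports static default routes that would tie with the route installed when the tunnel comes up. It assumes the "metric" in the note is the optional distance argument at the end of `ip route` (1 when omitted); the profile name, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (names and addresses are made up).
SAMPLE_CONFIG = """\
crypto ipsec client ezvpn EZ-EXAMPLE
 connect auto
 mode client
 peer 192.0.2.1
 virtual-interface 1
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 0.0.0.0 0.0.0.0 Dialer0 203.0.113.1 2
ip route 10.10.0.0 255.255.0.0 198.51.100.1
"""

DEFAULT_ROUTE = re.compile(r"^ip route 0\.0\.0\.0 0\.0\.0\.0\s+(.+)$")
OPTION_KEYWORDS = {"name", "tag", "track", "permanent"}

def uses_ezvpn_vti(config):
    """True when an Easy VPN client profile contains a virtual-interface line."""
    in_profile = False
    for line in config.splitlines():
        if line.startswith("crypto ipsec client ezvpn "):
            in_profile = True
        elif not line.startswith(" "):
            in_profile = False      # any unindented line ends the profile block
        elif in_profile and line.strip().startswith("virtual-interface"):
            return True
    return False

def static_default_routes(config):
    """Return (line, distance) per static default route (assumption: default 1)."""
    routes = []
    for line in config.splitlines():
        match = DEFAULT_ROUTE.match(line.strip())
        if not match:
            continue
        distance = 1
        for i, token in enumerate(match.group(1).split()):
            if token in OPTION_KEYWORDS:
                break               # numbers after name/tag/track are not a distance
            if i > 0 and token.isdigit():
                distance = int(token)
                break
        routes.append((line.strip(), distance))
    return routes

def conflicting_default_routes(config):
    """Default routes that do not satisfy the 'greater than 1' rule from the note."""
    if not uses_ezvpn_vti(config):
        return []
    return [line for line, dist in static_default_routes(config) if dist <= 1]
```

Run `conflicting_default_routes()` over the text of a saved configuration; an empty list means every static default route already carries a value greater than 1.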