09-17-2010 08:16 AM
Does anyone know which networks are selected by the hardware client to be sent to the VPN headend device? Are the networks selected from the static routes, or from the routes in the routing table (received via a routing protocol)? Is there a way to influence this decision?
thanks!
Diogo
09-17-2010 08:19 AM
Hi Diogo,
That decision is made by the ACL pushed down from the EZVPN server.
HTH,
Lei Tian
09-17-2010 11:57 AM
I'm talking about an EZVPN setup where the headend has a dynamic crypto-map configured. Much like the one shown here:
http://www.cisco.com/en/US/docs/routers/access/1800/1841/software/configuration/guide/ezvpn.pdf
Diogo
09-17-2010 12:02 PM
Hi Diogo,
We are talking about the same thing. Search 'acl SPLIT_T' in the document you were looking for. This is the ACL used to control what traffic will be sent to the headend.
HTH,
Lei Tian
09-17-2010 12:12 PM
OK, you're right. But what if I don't want to use split tunnel? Or must I?
Diogo
09-17-2010 12:30 PM
Hi Diogo,
That's how EZVPN works. Everything is controlled from the server side. If you want more control from the client, run site-to-site VPN or GRE + IPsec.
HTH,
Lei Tian