cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1876
Views
0
Helpful
3
Replies

Cisco Easy VPN + loopback interface | static ip address for client

Good day, folks.

I have a couple a questions answers on which i cant google for a period. BTW maybe i simly use wrong aproach to choose keywords.

So,

1)  Is it possible to assign same ip address to the same client each time  it authenticated, preferably without using DHCP? Im definely sure that  it possible but cant find corresponded configuration examples (my device  is Cisco 1921 with IOS 15.0.1).

2)  Is it possible to assign dynamic crypto map to loopback interface (the  purpose to make EASY VPN Server accessible through two interfaces -  maybe you recommend other approach instead?) - as i move workingcrypto  map from phy int to loopback - i cant connect with reason "Phace1 SA  policy proposal not accepted"

1 Accepted Solution

Accepted Solutions

olpeleri
Cisco Employee
Cisco Employee

Hello

1) U can tie the same ip address to the same username using radius

2) If you have 2 outside interfaces

then you would use

crypto map mymap local-address loop0

int gig0/0

crypto map mymap

int g0/1

cryptp map mymap

By doing so the local-address would be effectively the loop0 but the crypto map HAS to be applied on the physical egress interfaces

Cheers

OLivier

View solution in original post

3 Replies 3

olpeleri
Cisco Employee
Cisco Employee

Hello

1) U can tie the same ip address to the same username using radius

2) If you have 2 outside interfaces

then you would use

crypto map mymap local-address loop0

int gig0/0

crypto map mymap

int g0/1

cryptp map mymap

By doing so the local-address would be effectively the loop0 but the crypto map HAS to be applied on the physical egress interfaces

Cheers

OLivier

Thnx for solution with 2 interfaces!

But what about first question it seems to me there are must be solution with using only Cisco device router and IOS functionality without other facilities. If i will find smth i will post here.

Hello,

If you wanna use local-authentication then the only way is to use one ezvpn group per user and define each time an ip pool of one address.

Cheers,