Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
918
Views
0
Helpful
4
Replies

Ezvpn Configuration

Go to solution
ms_sourav
Level 1
Level 1

‎04-05-2011 12:37 AM

Hi All,

     Can anybody tell me how to configure cisco easy VPN Server and client in IOS Router (with diagram)?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to ms_sourav

‎04-05-2011 01:13 AM

1/ Yes, "crypto dynamic map" is required because that will allow all remote access vpn to connect to the VPN server. You will use static crypto map if you are configuring LAN-to-LAN VPN tunnel and when the peer address is static.

2/ "ip default-gateway 172.16.186.1" is not required.

3/ The route-map is assigned to the NAT statement. However you can just use ACL assigned to the NAT statement, you don't have to use route-map if you don't want to. The example does not have any NAT configured, that's why the ACL is permit ip any any. If you already have existing NAT statement, you can just deny the VPN server LAN from being NATed when it's going towards the remote server LAN.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ms_sourav
Level 1
Level 1
In response to Jennifer Halim

‎04-05-2011 01:01 AM

Hi Jennifer  
         How are you?
         That document will really help me to configure the ezvpn but there is many commands which I don't know what they actually do! for example "crypto dynamic-map"  What is the reason for providing ip default-gateway 172.16.186.1? Is this nessesery to use route-map here? It will be grateful if you discuss it in little more detail.
0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to ms_sourav

‎04-05-2011 01:13 AM

1/ Yes, "crypto dynamic map" is required because that will allow all remote access vpn to connect to the VPN server. You will use static crypto map if you are configuring LAN-to-LAN VPN tunnel and when the peer address is static.

2/ "ip default-gateway 172.16.186.1" is not required.

3/ The route-map is assigned to the NAT statement. However you can just use ACL assigned to the NAT statement, you don't have to use route-map if you don't want to. The example does not have any NAT configured, that's why the ACL is permit ip any any. If you already have existing NAT statement, you can just deny the VPN server LAN from being NATed when it's going towards the remote server LAN.

0 Helpful

Go to solution
ms_sourav
Level 1
Level 1
In response to Jennifer Halim

‎04-05-2011 01:18 AM

Thank you Jennifer..

0 Helpful
Customers Also Viewed These Support Documents