Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ezvpn setup quetions

Unanswered Question
May 27th, 2009
User Badges:


i have setup ezvpn server on the uc 520 and ezvpn client on cisco 871. i have doubt in dealing with my vlan. by default, there are multiple vlans, such as vlan 1 = data, vlan 100 = voice, and loopback0 = service engine. i changed my service engine pointing to vlan1 rather than loopback0, because i am afraid that is going to cause an issue with my vlan traffic.

do you think it's good thing to leave service engine ip as a default setup?

is there going to be a problem if i change the service engine ip? and what is the advantage or disadvantage?

if the service engine is set to default, should i include on the vpn traffic? and how?

thank you for your help guys

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
David Harper Wed, 05/27/2009 - 20:31
User Badges:
  • Cisco Employee,

If you are using CCA to manage the installation, then changing the IP address for the service engine will cause problems, as CCA does not support this.  If you are managing the installation entirely using CLI, then this will work fine.

Having said that, I don't really see a need to change the address.  When you configure EzVPN, all traffic from the remote site will route through the UC500 site unless you specifically configure split tunnelling.  If you do configure split tunnelling, then you list the subnets that are reachable through the VPN connection, and the service engine subnet can be included on that list.  Either way, there should be no need to change the service engine address.



weeksgroove Thu, 05/28/2009 - 06:33
User Badges:

Agreed. The UC500 has enough isuses, changing the service engine IP is only going to cuae your more headache.

Setup Split Tunneling using Access lists as was previously mentioned.


This Discussion