I have an IOS router configured as an ezvpn server at the headend and I'm trying to connect a remote IOS router in NEM mode.
Im choosing NEM mode as the remote router has three user sub interfaces off of a gige interface. I would like these subnets to be accessible from the ezvpn IOS server.
My understanding is that ezvpn will take care of the insertion of the remote site routes into the headend router routing table.
I notice that when the ezvpn connection comes up I see an automatically generated static route to one of the remote ezvpn networks, however there are three networks configured at the remote router with the crypto ipsec client ezvpn eztunnel inside statement. But only one network out of the three networks at the remote are visible in the ezvpn server routing table. The next hop is the virtual interface and the address of 0.0.0.0. I thought that I would see the address from the easy vpn pool but the headend is not assigning an address to the remote.
If I configure the remote router in client mode an address does get assigned to the remoter router and I can ping it from the headend.
In NEM mode there is no IP assignment and I dont see all the networks in the ip rouer table at the headend.
It may be that NEM does not support multiple sub interfaces?? May be this is a time to move to DMVPN if yo need more networks at he remote your no longer in the tele comuter realm and its time to move to DMVPN configured as a branch....may be.
Any insight into this would be great thanks.
lab-HQ-rtr#sh ip route
Gateway of last resort is not set
S 10.10.30.0 [1/0] via 0.0.0.0, Virtual-Access2 Here is the network visible at the IOS ezvpn server other 2 nets not visible and no next hop address from pool.
lab-HQ-rtr#sh ip local pool
Pool Begin End Free In use Blocked
telemobile-pool 192.168.4.2 192.168.4.254 253 0 0
ezvpn-pool 192.168.3.2 192.168.3.254 253 0 0 Nothing assigned
This is the remote no private ip from pool
lab-branch2-rtr#sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 6
Tunnel name : eztunnel
Inside interface list: GigabitEthernet3/0, GigabitEthernet3/0.30, GigabitEthernet3/0.40, GigabitEthernet3/0.1000
Outside interface: Serial0/0/0
Current State: IPSEC_ACTIVE
Last Event: CONNECT
Save Password: Allowed
Current EzVPN Peer: 220.127.116.11