Easyvpn VS lan 2 lan

Answered Question
Jun 17th, 2010
User Badges:

Hello everybody,


I would like to know the difference between easyvpn and Lan 2 Lan.



I mean if i would like to connect a  office (20 ppl) to HQ what i should use ?


what benefit i will have if i am using easyvpn between two ASA instead vpn Lan2Lan ? or problem such as perfomance




thank you very much

Correct Answer by edadios about 7 years 1 month ago

The main benefit of easyvpn is the easier configuration needed on the client and server .


With Lan to Lan, you will need to configure the address of your peer, and matching access-list for encrypted traffic. And continue to configure this, everytime you add a peer.


Easyvpn client can be dhcp address assigned by the isp for their internet connection, you can have the client end subnet doing traffic connection to server end network, without having to define the netowrk of the client on the vpn server end. No need to keep modifying configuration of the VPN server for every  additional vpnclient peer.


More information here www.cisco.com/go/easyvpn


Regards,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
edadios Thu, 06/17/2010 - 02:56
User Badges:
  • Silver, 250 points or more

There are two modes for easyvpn. The client (PAT) mode, or the network extension mode (NEM).


With the PAT mode, the remote vpnclient will go through the pat interface of the client. The Server VPN network can not initiate traffic from it's end to reach the client network end "once the tunnel is up".


With network extension mode (NEM), the client lan can be seen from VPN Server  network end. The Server VPN network can reach the host of the client end, "once the tunnel is up".


Back to your question, I think you wanted to know the difference between the NEM mode easyvpn and Lan to Lan ipsec tunnel.


In comparing Lan to Lan ipsec and NEM mode easyVPN, the difference is that the Server Network, can not initiate the building up of the tunnel.


The tunnel has to be first initiated (built up) from the client end, and traffic sent from the client end, before the server end can realise what network is behind the NEM easyvpn client. Once  the tunnel is built, the Server VPN network end, can then send traffic to the client network end.


I hope that answers your question.


Regards,

edadios Thu, 06/17/2010 - 03:24
User Badges:
  • Silver, 250 points or more

Your welcome..

valerio76 Thu, 06/17/2010 - 03:30
User Badges:

excuse me but was  wondering benefits remain unchanged using easyvpn? instead of a l2l?

Correct Answer
edadios Thu, 06/17/2010 - 04:12
User Badges:
  • Silver, 250 points or more

The main benefit of easyvpn is the easier configuration needed on the client and server .


With Lan to Lan, you will need to configure the address of your peer, and matching access-list for encrypted traffic. And continue to configure this, everytime you add a peer.


Easyvpn client can be dhcp address assigned by the isp for their internet connection, you can have the client end subnet doing traffic connection to server end network, without having to define the netowrk of the client on the vpn server end. No need to keep modifying configuration of the VPN server for every  additional vpnclient peer.


More information here www.cisco.com/go/easyvpn


Regards,

Actions

This Discussion