06-17-2010 12:50 AM
Hello everybody,
I would like to know the difference between easyvpn and Lan 2 Lan.
I mean if i would like to connect a office (20 ppl) to HQ what i should use ?
what benefit i will have if i am using easyvpn between two ASA instead vpn Lan2Lan ? or problem such as perfomance
thank you very much
Solved! Go to Solution.
06-17-2010 04:12 AM
The main benefit of easyvpn is the easier configuration needed on the client and server .
With Lan to Lan, you will need to configure the address of your peer, and matching access-list for encrypted traffic. And continue to configure this, everytime you add a peer.
Easyvpn client can be dhcp address assigned by the isp for their internet connection, you can have the client end subnet doing traffic connection to server end network, without having to define the netowrk of the client on the vpn server end. No need to keep modifying configuration of the VPN server for every additional vpnclient peer.
More information here www.cisco.com/go/easyvpn
Regards,
06-17-2010 02:56 AM
There are two modes for easyvpn. The client (PAT) mode, or the network extension mode (NEM).
With the PAT mode, the remote vpnclient will go through the pat interface of the client. The Server VPN network can not initiate traffic from it's end to reach the client network end "once the tunnel is up".
With network extension mode (NEM), the client lan can be seen from VPN Server network end. The Server VPN network can reach the host of the client end, "once the tunnel is up".
Back to your question, I think you wanted to know the difference between the NEM mode easyvpn and Lan to Lan ipsec tunnel.
In comparing Lan to Lan ipsec and NEM mode easyVPN, the difference is that the Server Network, can not initiate the building up of the tunnel.
The tunnel has to be first initiated (built up) from the client end, and traffic sent from the client end, before the server end can realise what network is behind the NEM easyvpn client. Once the tunnel is built, the Server VPN network end, can then send traffic to the client network end.
I hope that answers your question.
Regards,
06-17-2010 03:14 AM
Thank you very much !
06-17-2010 03:24 AM
Your welcome..
06-17-2010 03:30 AM
excuse me but was wondering benefits remain unchanged using easyvpn? instead of a l2l?
06-17-2010 04:12 AM
The main benefit of easyvpn is the easier configuration needed on the client and server .
With Lan to Lan, you will need to configure the address of your peer, and matching access-list for encrypted traffic. And continue to configure this, everytime you add a peer.
Easyvpn client can be dhcp address assigned by the isp for their internet connection, you can have the client end subnet doing traffic connection to server end network, without having to define the netowrk of the client on the vpn server end. No need to keep modifying configuration of the VPN server for every additional vpnclient peer.
More information here www.cisco.com/go/easyvpn
Regards,
06-17-2010 06:47 AM
Thank you
ciao
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide