EasyVPN + xauth + reverse route injection

Unanswered Question

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;}

I can assign a static IP for the IPSec connection using  Framed-IP-Address = with xauth authentication.

Is it possible to add additional crypto subnets for a remote IPSec client using RADIUS?

See attached crude drawing.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marcin Latosiewicz Wed, 07/07/2010 - 15:08


I'm not sure I understand the question? Could you maybe re-phrase?

If you're asking about RRI for EZVPN yes it does exist (on both ASA and IOS), a very neat solution on IOS is to use DVTI ezvpn configuration.

On ASA under dynamic-map you can have 'set reverse-route'.

Let me know how we can help you better



This Discussion