Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
1
Replies

EasyVPN

jogillis
Level 1
Level 1

‎08-21-2009 08:22 AM - edited ‎02-21-2020 03:38 AM

What are the pro/cons to using Easyvpn in network-extention mode with split-tunneling as opposed to using a regular site-to-site vpn connection. We have about 70 remote offices with Pix 501s already setup with site-to-site and will be replaceing the 501's with 887 routers. Now the question should we go to easyvpn on these new routers back to our hub ASA or stay site-to-site? Any info or experiences with this type of conversion would be appreciated.

0 Helpful
1 Reply 1

Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-27-2009 08:21 AM

EZVPNs allow easier provisioning on the client side, as the policy can be 'controlled' from the server head-end. Also the EZVPN client has a auto-connect option, making it more seamless (with regards to connectivity).

When the EZVPN client will connect, it will propose various security policies to the server, so the EZVPN server can choose the Phase1/2 policies. IN a L2L VPN (Direct Encapsulation) both sides need to define the same policy (Manually). The downside is that EZVPN is a Cisco Proprietary technology! If you ever want to phase out the Cisco hardware, you need to re-do the whole thing.

Have a look at this link for more details:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/IPSec_Over.html

Please rate if helpful.

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card