Re: ezvpn setup quetions

TY08 · ‎05-27-2009

guys,

i have setup ezvpn server on the uc 520 and ezvpn client on cisco 871. i have doubt in dealing with my vlan. by default, there are multiple vlans, such as vlan 1 = data, vlan 100 = voice, and loopback0 = service engine. i changed my service engine pointing to vlan1 rather than loopback0, because i am afraid that is going to cause an issue with my vlan traffic.

do you think it's good thing to leave service engine ip as a default setup?

is there going to be a problem if i change the service engine ip? and what is the advantage or disadvantage?

if the service engine is set to default, should i include on the vpn traffic? and how?

thank you for your help guys

David Harper · ‎05-27-2009

If you are using CCA to manage the installation, then changing the IP address for the service engine will cause problems, as CCA does not support this. If you are managing the installation entirely using CLI, then this will work fine.

Having said that, I don't really see a need to change the address. When you configure EzVPN, all traffic from the remote site will route through the UC500 site unless you specifically configure split tunnelling. If you do configure split tunnelling, then you list the subnets that are reachable through the VPN connection, and the service engine subnet can be included on that list. Either way, there should be no need to change the service engine address.

Cheers,

Dave.

weeksgroove · ‎05-28-2009

Agreed. The UC500 has enough isuses, changing the service engine IP is only going to cuae your more headache.

Setup Split Tunneling using Access lists as was previously mentioned.