I currently have EzVPN set up between two sites using network extension mode. Is the IP pool necessary on the server end? Being that it is in network extension mode, any traffic coming from the remote site over VPN should be using its own IP address?
This is my current server config:
crypto isakmp client configuration group VPNGROUP
 dns 192.168.2.2 192.168.2.1
 wins 192.168.2.1 192.168.2.2
Where vpn-pool is assigned a pool of addresses. The remote site has no problem getting to the networks I have allowed it to access through ACLs, but when I created a firewall rule based on their source IPs, it doesn't seem to affect them. I'm curious if this is the result of the vpnpool assigning them different IPs.
Thanks. I'll try that tonight. It's confusing because in every config I have seen on the web, local IP pools are assigned even with network extension mode.
What's happening with us is that I created an AAA rule on my PIX firewall (sitting behind the EzVPN server) which exempts traffic from that remote site from authentication to services in my DMZ. This was working for a couple of minutes and suddenly when they tried again the rule doesn't work. This leads me to believe either they are not coming across the VPN tunnel and across the internet (where this rule probably won't work since they'd have a public IP and not the remote site's IP address) or some wacky address is assigned to them as they come across the tunnel.