Cisco Support Community
Community Member

IOS EZVPN Routing

If I have a remote ASA connecting to an ISR via EZVPN - the ISR is the EZVPN hub/server. I understand how the tunnel gets set up, etc., but I'm not sure how the routing takes place. Can the ISR inform the local router what routes it is responsible for? How does the ISR know how to route packets for different EZVPN tunnels?

1 REPLY
Community Member

Hi,

The routing of packets across the VPN tunnel will be decided by the split ACL configuration on the server.

If there is no split ACL configured, then the IPsec SA will be from the assigned client IP to any, which means everything from that IP will be sent across the tunnel and the ISR will decide on where to send the traffic.

The differentiation by the server will be based on the IP addresses assigned to each of the clients.

For example, if the IP assigned to the client is 172.16.12.3, then the IPsec SA will look like this.

   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.12.3/255.255.255.255/0/0)

Thus the EZVPN server will know how to reach each of these clients individually.

Rate the post if it helps
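
The selector matching described in the reply, as an added example that is not part of the original post: it parses ident lines in the format quoted above and picks the SA whose local/remote identities cover a given packet. It is a simplified model, not IOS code; the sample text is constructed, and the second client (172.16.12.4) with its 10.1.0.0/16 split network is a hypothetical addition.

```python
import ipaddress
import re

# Constructed sample in the format quoted in the reply. The second pair
# assumes a hypothetical split ACL covering 10.1.0.0/16.
SAMPLE = """\
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.12.3/255.255.255.255/0/0)
   local  ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.12.4/255.255.255.255/0/0)
"""

IDENT = re.compile(
    r"^\s*(local|remote)\s+ident \(addr/mask/prot/port\): "
    r"\(([\d.]+)/([\d.]+)/\d+/\d+\)\s*$"
)


def parse_idents(text):
    """Pair each local ident with the remote ident that follows it."""
    sas, local = [], None
    for line in text.splitlines():
        m = IDENT.match(line)
        if not m:
            continue
        net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
        if m.group(1) == "local":
            local = net
        elif local is not None:
            # local ident 0.0.0.0/0 means no split ACL: client sends everything
            sas.append({"local": local, "remote": net,
                        "full_tunnel": local.prefixlen == 0})
            local = None
    return sas


def select_sa(sas, src, dst):
    """Return the most specific SA whose selectors cover src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [sa for sa in sas if s in sa["local"] and d in sa["remote"]]
    return max(hits, key=lambda sa: sa["local"].prefixlen
               + sa["remote"].prefixlen, default=None)


if __name__ == "__main__":
    table = parse_idents(SAMPLE)
    for src, dst in [("192.0.2.10", "172.16.12.3"),
                     ("192.0.2.10", "172.16.12.4")]:
        print(src, "->", dst, ":", select_sa(table, src, dst))
```

A source outside the split network gets no match for the second client, which is the case worth checking when traffic to a client silently fails to enter its tunnel.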
