If I have a remote ASA connecting to an ISR via EZVPN - the ISR is the EZVPN hub/server. I understand how the tunnel gets set up, etc., but I'm not sure how the routing takes place. Can the ISR inform the local router what routes it is responsible for? How does the ISR know how to route packets for different EZVPN tunnels?
The routing of packets across the VPN tunnel will be decided by the split ACL configuration on the server.
If there is no split ACL configured, then the IPsec SA will be from the assigned client IP to any, which means everything from that IP will be sent across the tunnel and the ISR will decide where to send the traffic.
The differentiation by the server will be based on the IP addresses assigned to each of the clients.
For example, if the IP assigned to the client is 172.16.12.3, then the IPsec SA will look like this:
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.16.12.3/255.255.255.255/0/0)
Thus the EZVPN server will know how to reach each of these clients individually.
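As an added illustration (not part of the original reply), the sketch below parses ident lines in the format quoted above and picks the SA whose proxy identities cover a packet leaving the hub. The second SA (client 172.16.12.4 behind a split ACL of 10.1.0.0/16) and the function names are constructed for the example.

```python
import ipaddress
import re

# Matches ident lines in the format quoted in the reply above.
IDENT_RE = re.compile(
    r"(local|remote)\s+ident \(addr/mask/prot/port\): "
    r"\(([\d.]+)/([\d.]+)/(\d+)/(\d+)\)"
)

# Constructed sample: the first SA is the one from the reply (no split ACL),
# the second is a hypothetical client whose group has a split ACL for 10.1.0.0/16.
SAMPLE = """
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.16.12.3/255.255.255.255/0/0)
local ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (172.16.12.4/255.255.255.255/0/0)
"""

def parse_sas(text):
    """Return one {'local': network, 'remote': network} dict per SA."""
    sas, current = [], {}
    for side, addr, mask, _prot, _port in IDENT_RE.findall(text):
        current[side] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if "local" in current and "remote" in current:
            sas.append(current)
            current = {}
    return sas

def select_sa(sas, src, dst):
    """Hub view: find the SA covering a packet from src to a client address dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches = [sa for sa in sas if src in sa["local"] and dst in sa["remote"]]
    # Prefer the most specific remote identity if several SAs match.
    return max(matches, key=lambda sa: sa["remote"].prefixlen, default=None)

if __name__ == "__main__":
    sas = parse_sas(SAMPLE)
    for src, dst in [("192.0.2.10", "172.16.12.3"),   # any source, no split ACL
                     ("192.0.2.10", "172.16.12.4"),   # outside the split ACL
                     ("10.1.2.3", "172.16.12.4")]:    # inside the split ACL
        sa = select_sa(sas, src, dst)
        print(src, "->", dst, ":", sa["remote"] if sa else "no matching SA")
```

A packet with no matching SA is not protected by any of these tunnels, which is a quick way to check that a split ACL covers exactly the networks intended.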