I am testing EzVPN. I have configured an EzVPN server on one router and an EzVPN client on another router. On the EzVPN client I gave a name in front of the "peer" command. The name resolves fine and the connection is established. But when I shut the interface connected towards the EzVPN server, "show crypto isakmp sa" still shows the QM_IDLE state. I want the EzVPN to be torn down after some time of inactivity. What command should I use? My second question is: can I run a routing protocol between the EzVPN client site and the EzVPN server site, as we can do in a GRE-based site-to-site VPN?
The problem here is that you are using EzVPN, and most of the time customers use it as connect auto, since they want to use it as plug and play. Because of this, even if the tunnel is torn down, it reinitiates the tunnel automatically.
Now, coming to your second query about routing protocols: yes, you can use IPsec/GRE for that, and this will not be possible on EzVPN.
I assume the reason you are using EzVPN is because your public IP is dynamic and not static. Why don't you try using DMVPN if you have more than one router with such a requirement?
Also, again, the problem here for you would be that since routing updates are always exchanged, the tunnel is always up.
Yes, I am using EzVPN because the hub router IP is dynamic, but I think I can't use DMVPN for this purpose. Can you tell me what the best possible VPN is in this case? I want to run a routing protocol and my hub router IP is changing.
1. DMVPN - I am not sure why you think this won't work for this setup. Do you have any specific concerns? As long as your hub IP does not change, it is not a problem.
2. This is a little complicated - create a loopback IP on this router and make that the tunnel source on your side, and on the hub side your tunnel destination will be this loopback IP on your local router. On the local end, use a static crypto map with your crypto ACL being from tunnel source (loopback IP) to tunnel destination. On the hub site, use a dynamic crypto map.
I feel DMVPN would be an easy option and is also a scalable option.
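Option 2 above, sketched as an added IOS configuration example (not posted by anyone in the thread). It assumes the hub keeps a fixed public address; 192.0.2.1, 10.255.0.2, the 172.16.0.0/30 tunnel subnet, the interface names, the map and ACL names and `<PRE-SHARED-KEY>` are all constructed placeholders.

```cisco
! Constructed example: 192.0.2.1 = hub public IP, 10.255.0.2 = spoke Loopback0
! ===== Both routers: IKE policy and IPsec transform set =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! ===== Spoke (public IP is dynamic) =====
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.1
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
! Crypto ACL: GRE from tunnel source (loopback) to tunnel destination
ip access-list extended GRE-TO-HUB
 permit gre host 10.255.0.2 host 192.0.2.1
! Static crypto map, applied to the outside interface
crypto map SPOKE-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set GRE-TS
 match address GRE-TO-HUB
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 192.0.2.1
interface GigabitEthernet0/0
 ip address dhcp
 crypto map SPOKE-MAP
!
! ===== Hub =====
! Wildcard key: any peer that knows it can negotiate IKE, so keep it
! long and random (or use certificates instead of a pre-shared key)
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
! Dynamic crypto map: the spoke's current address is learned at negotiation;
! reverse-route installs a route to the spoke loopback via that peer
crypto dynamic-map DYN-MAP 10
 set transform-set GRE-TS
 reverse-route
crypto map HUB-MAP 10 ipsec-isakmp dynamic DYN-MAP
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 10.255.0.2
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map HUB-MAP
```

The routing protocol is then enabled on Tunnel0 at both ends. With a dynamic crypto map only the spoke can initiate the IPsec session, and the route to the tunnel destination must not be learned through the tunnel itself.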
Yup, every site IP changes after a reboot of the router, so there is no fixed IP on any site. Now, in this case, what VPN will be the best solution? I think I can't define a hostname in DMVPN. Can you tell me which VPN is the best solution?