Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

new to cloned virtual access interfaces

hi out there

We are migrating our vpn deployment from god old cryptomaps to virtual access cloned interfaces - we are still in "learning" phase where we deploy ezvpn-clients which connects to a central server. we have currently two VRF's defined with a internet vrf where the clients connects to and a service vrf where the clients are forwarede to the needed services. When the routers are connected the routingtable in that service-vrf look like this:

Gateway of last resort is not set is variably subnetted, 6 subnets, 2 masks
S [1/0] via, Virtual-Access4
S [1/0] via, Virtual-Access4
S [1/0] via, Virtual-Access3
S [1/0] via, Virtual-Access3
S [1/0] via, Virtual-Access2
S [1/0] via, Virtual-Access2


Is this as expected ? It bothers me a bit that the next hop is noted as Each ezvpn client has a loopback interface which is the inside of the client (which is assigned a 10.120.x.1/32 adresse) and nat-pool (10.120.x.0/24)  through which the internal clients access the published service through the VPNServer.

Everyone's tags (2)
New Member

new to cloned virtual access interfaces

hi again

Really no-one out there seen a similar scenario? I just need verification that it looks as expected since I havent got anything to compare it with..

best regards /ti

CreatePlease login to create content