In this example, the Cisco uBR905 cable access router and Cisco 1700 series router both act as Cisco Easy VPN remote devices, connecting to a Cisco VPN 3000 concentrator. The Cisco 800 series routers perform NAT or PAT translation over the VPN tunnel so that the PCs can access the destination network.įigure 2 Cisco Easy VPN Remote Connection (using a VPN concentrator)įigure 3 illustrates the network extension mode of operation. In this example, Cisco 800 series routers provide access to multiple small business clients, each of which uses IP addresses in the 10.0.0.0 private network space. Global Internet without including the corporate network in the path for the public resources.įigure 2 also illustrates the client mode of operation, in which a VPN concentrator provides destination endpoints to multiple xDSL clients. Represent a split tunneling connection, in which the client PCs can access public resources in the The Cisco uBR905 router performs NAT or PAT translation over the VPN tunnel so that the PCs can access the destination network.įigure 1 Cisco Easy VPN Remote Connection These PCs connect to the Ethernet interface on the Cisco uBR905 router, which also has an IP address in the 10.0.0.0 private network space. In this example, the Cisco uBR905 cable access router provides access to two PCs, which have IP addresses in the 10.0.0.0 private network space. For servers running Cisco IOS software, this timeout value is specified by theįigure 1 illustrates the client mode of operation. Note The timeout for entering the username and password is determined by the configuration of the Cisco The user can then provide the necessary user ID, password, and other information by entering the crypto ipsec client ezvpn connect command and responding to the prompts that follow. These configurations, however, can be displayed using the show ip nat statistics and show access-list commands. Tip The NAT or PAT translation and access list configurations that are created by the Cisco Easy VPN Remote feature are not written to either the startup configuration or running configuration files. On the Cisco 1700 series routers, Cisco 2600 series routers, Cisco 3600 series routers, and Cisco 3700 series routers, multiple outside interfaces can be configured. On the Cisco 800 series and Cisco 1700 series routers, this is the outside interface configured with the Cisco Easy VPN Remote configuration. On the Cisco uBR905 and Cisco uBR925 routers, this is always the Cable-modem 0 interface. The ip nat outside command is applied to the interface that is configured with the Cisco Easy VPN Remote configuration. The default inside interface is the Ethernet 0 interface (for the Cisco 806, Cisco 826, Cisco 827, Cisco 828, Cisco 831, Cisco 836, and Cisco 837 routers and the Cisco uBR905 and Cisco uBR925 cable access routers). The ip nat inside command is applied to all inside interfaces, including default inside interfaces.This document provides information on configuring and monitoring the Cisco Easy VPN Remote feature to create IPSec Virtual Private Network (VPN) tunnels between a supported router and an Easy VPN server (Cisco IOS router, VPN 3000 concentrator, or Cisco PIX Firewall) that supports this form of IPSec encryption and decryption.įeature Specifications for the Cisco Easy VPN Remote Network Extension Mode Configuration ExamplesĬisco Easy VPN Server Without Split Tunneling ExampleĬisco Easy VPN Server Configuration with Split Tunneling ExampleĬisco Easy VPN Server Configuration with Xauth ExampleĮasy VPN Server Interoperability Support ExampleĬisco Easy VPN Remote Web Manager ExampleĬable DHCP Proxy Enhancement Configuration Examples Local Address Support for Easy VPN Remote Example Verifying the Cisco Easy VPN ConfigurationĬonfiguring the Cisco VPN 3000 Series ConcentratorĬonfiguring an Easy VPN Server on a PIX FirewallĬonfiguring and Using the Cisco Easy VPN Remote Web ManagerĬonfiguring Easy VPN Remote Using Cable DHCP Proxy Multiple Peer Support for Dead Peer Detection Stateless FailoverĬonfiguring and Assigning the Cisco Easy VPN Remote Configuration
0 Comments
Leave a Reply. |