As you saw in Chapter 2, "IPSec Overview," for an IPSec tunnel to be established between two peers, there is a significant amount of configuration required on both peers. This includes IPSec policies, Diffie-Hellman parameters, encryption algorithms, and so on. In a large corporate environment with hundreds of sites, managing the IPSec configuration can get quite tedious. The Cisco Easy VPN feature, also known as EzVPN, eases IPSec configuration by allowing an almost no-touch configuration of the IPSec client.

EzVPN uses the Unity client protocol, which allows most IPSec VPN parameters to be defined at an IPSec gateway, which is also the EzVPN server. When an EzVPN client initiates an IPSec tunnel connection, the EzVPN server pushes the IPSec policies and other attributes required to form the IPSec tunnel to the EzVPN client and creates the corresponding IPSec tunnel connection. The tunnel on the EzVPN client can be initiated automatically or manually, or it could be traffic triggered, depending on the configuration or type of EzVPN client used. Minimal configuration is required at the EzVPN client. EzVPN provides the following general functions in order to simplify the configuration process:

- Negotiating tunnel parameters: This is done with encryption algorithms, SA lifetimes, and so on.
- User authentication: This entails validating user credentials by way of XAUTH.
- Automatic configuration: Performed by pushing attributes such as IP address, DNS, WINS, and so on, using MODECFG.

EzVPN Client Mode is also known as Network/Port Address Translation (NAT/PAT) Mode. In this mode, all traffic from the client side uses a single IP address for all hosts on the private network. In Figure 4-2, all traffic from the hosts on the FastEthernet interface on the EzVPN client is translated by NAT to a source IP address of 10.0.68.5, which is assigned by the EzVPN server as an attribute using MODECFG. The client keeps track of the mappings so that return traffic can be forwarded to the correct host on the private network. The configuration of the EzVPN hardware client is shown in Example 4-3.

Figure 4-2 EzVPN IPSec Client Mode Connection
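The mapping table that Client (NAT/PAT) Mode depends on can be sketched as follows. This is an added example, not code from the book or from Cisco IOS: it is a simplified model in which the inside addresses (192.168.1.x), the head-end hosts (10.1.1.x), the starting port 1024 and the reply-matching rule are all assumptions; only 10.0.68.5 comes from Figure 4-2.

```python
# Added illustration: PAT state table of an EzVPN client in Client (NAT/PAT) Mode.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ClientModePat:
    tunnel_ip: str               # address pushed by the EzVPN server via MODECFG
    first_port: int = 1024       # assumed start of the translated port range
    # (proto, in_ip, in_port, dst_ip, dst_port) -> translated source port
    _out: dict = field(default_factory=dict, init=False)
    # (proto, translated port) -> (in_ip, in_port, dst_ip, dst_port)
    _back: dict = field(default_factory=dict, init=False)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private LAN into the tunnel."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            port = self.first_port + len(self._out)
            if port > 65535:
                raise RuntimeError("PAT port pool exhausted")
            self._out[key] = port
            self._back[(proto, port)] = key[1:]
        return (self.tunnel_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port) -> Optional[tuple]:
        """Map a tunnel packet back to the inside host, or return None to drop it."""
        if dst_ip != self.tunnel_ip:
            return None
        entry = self._back.get((proto, dst_port))
        # Accept only replies from the peer the flow was originally opened to.
        if entry is None or entry[2:] != (src_ip, src_port):
            return None
        return (src_ip, src_port, entry[0], entry[1])


def demo():
    pat = ClientModePat(tunnel_ip="10.0.68.5")  # address shown in Figure 4-2
    # Constructed sample flows: two inside hosts that picked the same source port.
    a = pat.outbound("tcp", "192.168.1.10", 40000, "10.1.1.20", 443)
    b = pat.outbound("tcp", "192.168.1.11", 40000, "10.1.1.20", 443)
    reply = pat.inbound("tcp", "10.1.1.20", 443, "10.0.68.5", b[1])
    # No mapping exists for a connection initiated from the head-end side.
    unsolicited = pat.inbound("tcp", "10.1.1.99", 22, "10.0.68.5", 3389)
    return a, b, reply, unsolicited
```

Both inside hosts appear to the head end as 10.0.68.5 and are told apart only by translated port, so head-end logs and access rules see one address per client site, and connections opened from the head end toward an inside host find no mapping.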