View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0016 - Router EZVPN with Certificate

No votes yet
Difficulty Level: 
Lab Document: 
<Please login to see the content>
Video Download: 
Title: SEC0016 - Video Download $7.00
Purchase SEC0016 - Video Download $7.00

The video walks you through configuration of Easy VPN (EZVPN) with Certificate authentication on a Cisco headend router. The hardware client router is running Client Mode and configured to automatically connect. Headend router already has a certificate installed through SCEP (See SEC0014 - Certificate Installation on Router and ASA), while we demonstrate a manual certificate import on the hardware client. XAuth can also be enabled concurrently, although we have XAuth disabled in this lab. 

Topic includes
  • EZVPN Client Mode with Certificate
  • EZVPN Hardware Client
  • Automatic Connect, Splitted-Tunnel
  • Router Certificate Import
  • By default, EZVPN client must have a certificate with OU=<EZVPN Group Name>
  • Certificate map can be used if EZVPN group matching using other certificate attributes is desirable

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.

Lab Minutes Classifieds