View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0015 - Router EZVPN with Pre-Shared Key and XAuth

Average: 5 (1 vote)
Difficulty Level: 
Lab Document: 
<Please login to see the content>

The video walks you through configuration of Easy VPN (EZVPN) with Pre-shared key authentication on a Cisco headend router. The hardware client router is running Client Mode and configured to automatically connect using a locally stored credential. We demonstrate unique characteristics of Client mode where connections can only be initiated from the remote client as the client router performs PAT to the source IP. Any resources local to the client is inaccessible from the headend side. As you will see, there is minimal configuration required on the hardware client, and since the IPSec is always initiated from the client, dynamic IP on the client is supported. 

Topic includes
  • EZVPN Client Mode with Pre-Shared Key and XAuth
  • EZVPN Hardware Client
  • Automatic Connect, Local Credential, Splitted-Tunnel
  • NAT is not interoperable with Client mode. 
  • Client-side resources cannot be accessed from internet via static NAT configuration
  • Client-side traffic to internet is port-translated (PAT) to outside interface IP

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.