SEC0016 - Router EZVPN with Certificate
Category:
Security
The video walks you through the configuration of Easy VPN (EZVPN) with certificate authentication on a Cisco headend router. The hardware client router runs in Client Mode and is configured to connect automatically. The headend router already has a certificate installed through SCEP (see SEC0014 - Certificate Installation on Router and ASA), while we demonstrate a manual certificate import on the hardware client. XAuth can also be enabled concurrently, although we have XAuth disabled in this lab.
Topics include:
- EZVPN Client Mode with Certificate
- EZVPN Hardware Client
- Automatic Connect, Split Tunnel
- Router Certificate Import
Notes:
- By default, the EZVPN client must have a certificate with OU=<EZVPN Group Name>
- A certificate map can be used if matching the EZVPN group on other certificate attributes is desired