You are here
SEC0019 - Router EZVPN with Network-Extension Mode, Multiple Subnets, and NAT Support
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video demonstrates three different operational modes available on Cisco Easy VPN (EZVPN) router hardware client, namely Client, Network Extension, and Network Extension Plus, and explains when they should be used. We will also look at how to support multiple remote subnets, and NAT compatibility specifically when you run Network Extension or Network Extension Plus. These configurations only pertain to the hardware client side.
Notes:
- Client Mode: All traffic originated from remote site is Port-Address translated (PAT) to the assigned IP. Resources at the remote side are not visible, and cannot be accessed by the headend.
- Network Extension Mode: Remote subnets are visible to the headend and remote resources can be accessed by their native IP. 'ip local pool' is not needed.
- Network Extension Plus Mode: Identical to Network Extension Mode but with IP address assigned from the configured VPN pool, potentially used for troubleshooting purpose.
Topic includes
- EZVPN Client Mode
- EZVPN Network Extension Mode
- EZVPN Network Extension Plus Mode
- EZVPN Support for Multiple Subnets
- EZVPN Support for NAT