Example 2212 Configuring xauth

NewYork#configure terminal

NewYork(config)#aaa authentication login windham-vpn-users pre-share NewYork(config)#crypto isakmp xauth timeout 30

NewYork(config-if)#crypto map windham-map client authentication list windham-vpn-usei

Easy VPN Modes of Operation

The Easy VPN can use three different remote Phase 2 modes for VPN connectivity, which mainly affect how the remote user is addressed when connected to the destination network. Both configurations support split tunneling. The three modes are as follows:

• Client mode Allows whatever changes necessary to connect the client to the destination network via the VPN connection. In the client mode, the client is automatically configured with NAT or PAT and the access lists needed to create the VPN connection.

• Network extension mode Treats the VPN client systems as components of the original network. The client systems must have fully routable IP addresses and cannot use NAT or PAT.

• Network extension plus mode Acts much the same as the network extension mode except that it pulls an IP address and assigns it to the loopback interface.

0 0

Post a comment