![]() ISAKMP profiles are the subject of this configuration. The introduction of ISAKMP profiles in Cisco IOS Software Release 12.2(15)T makes this configuration possible since you can match on other properties of the connection (VPN Client group, peer IP address, fully qualified domain name, and so forth) rather than just the peer IP address. However, when you disable Xauth, it reduces the ability to authenticate VPN Clients. This is because Xauth for the VPN Client connections do break the LAN to LAN connection. Without further configuration, the use of a wild card pre shared key on the hub router is not possible in this situation. This is because the ISP often provisions IP addresses dynamically using DHCP on these low cost connections. The use of Dynamic Host Configuration Protocol (DHCP) is common in situations where the spoke is connected to the Internet via a DSL or cable modem. The spoke router in this scenario obtains its IP address dynamically via DHCP. ![]() Cisco VPN Clients also connect to the hub and use Extended Authentication (Xauth). 1 Configuring an IPsec Router Dynamic LAN to LAN Peer and VPN Clients Document ID: Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations VPN Client Verify Verify Crypto Map Sequence Numbers Troubleshoot Related Information Introduction This configuration shows a LAN to LAN configuration between two routers in a hub spoke environment. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |