[c-nsp] IPSec SA + EzVPN conflict
Peter Hicks
peter.hicks at poggs.co.uk
Sun Jul 20 15:06:10 EDT 2008
Hello
One of my customers has an IPSec VPN to Company A, and wants to migrate his
existing client-based VPN to Company B to the same router (3725 with 12.4(12)
Advanced Enterprise Services on it).
After putting the EzVPN config on, the VPN to Company B came up and hosts there
were reachable. Nothing at Company A was reachable, yet the SAs were still
established.
Further digging showed that the SAs for Company B's VPN specified a remote
network of 0.0.0.0/0, tunnelling all traffic and not just to the subnet we're
interested in.
Is there a way around this?
Peter
--
Peter Hicks | e: my.name at poggs.co.uk | g: 0x5DA31330 | w: www.poggs.com
A: Because it destroys the flow of the conversation
Q: Why is top-posting bad?
More information about the cisco-nsp
mailing list