Easy VPN question

[dcpuser]

Hey all,

According to Cisco's VPN setup guides, the client-mode requires dhcp to be configured on its device so it can assign IPs on all host machines connected to its private interface. What if I have a separate server that already does that? Do I have to emulate that same dhcp on the router itself?

And are there any big cons if using network extension over client-mode? From what I have read, the only possible con is that in network extension, the LAN on the server end can ping, touch machines on the remote end since NAT is not involved and those remote machines are not hidden behind the easy vpn client device. Also, network extension (I believe) does not require DHCP to be configured at the remote end where with client mode it does.

 

[ktarantino]

Hello,

What devices are you using for the VPN endpoints?

Also, are you authenticating on the device or using RADIUS? If not using RADIUS, then you should consider using a RADIUS server and use that authentication server to assign the DHCP address.

Lastly, if this is a remote site with a few computers, then you should consider using network extension mode.

 

[dcpuser]

Hi and thanks for your reply. The remote client is using a PIX501 and I nominated one of our 2600 routers to be the easy vpn server. Right now authentication is going to be done locally (I want them to at least see us before I start locking it down with RADIUS).