Cisco Easy VPN for Site to Site connections
gojericho0
Member Posts: 1,059
in CCNP
Has anyone ever used this in a production environment? I have always manually built my ISAKMP\IPSEC\Crypto Maps, but this seems like it could make management much simpler for multiple sites.
Comments
-
jamesp1983 Member Posts: 2,475
I've used this in a lab environment, but that's it.
"Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks."
-
cisco_trooper Member Posts: 1,441
I have and I'm pretty sure I hated it because I have never used it again. I would just continue manually doing it. This way you can name your group-policy, tunnel-groups, etc., in a somewhat intelligible form. Wizards suck.
-
Netstudent Member Posts: 1,693
It's a great concept, especially for VPNs where the far-end peer address can change. But I haven't had consistent results with it. It's either an authentication issue, or a NAT issue or something else. Maybe it was because of the way we were trying to use it.
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
-
WRKNonCCNP Member Posts: 38
I am involved in testing network designs for my company's enterprise customers and can say that I have seen Easy VPN used many times for customers. Mostly they use it with a hub and spoke design, often where the remote location's public IP address is dynamic. However, I had never used the SDM wizard until I started studying for ISCW. I agree with cisco_trooper when he says "wizards suck". CLI FTW.
-
Plazma Member Posts: 503
I actually don't mind SDM for the fact I use it to generate a template of what I want with minimal effort... I like shiny things...
When I get a template made from a base config of what I need, I just copy it to notepad or something and modify it as I need... it does save some time in that regard.
CCIE - COMPLETED!
-
redwarrior Member Posts: 285
In my last job, we used Easy VPN tunnels for places where we didn't have a static IP on the remote end. It was good for a basic connection, but as others have said, it does limit your options as to what you can do with that connection as far as ACLs. We just had an issue at my new gig where we learned that you also can't use TACACS for authentication through an Easy VPN tunnel.
We always configured them using the CLI, which is certainly an option. We didn't trust the ASDM for much except monitoring.
CCNP Progress
ONT, ISCW, BCMSN - DONE
BSCI - In Progress
http://www.redwarriornet.com/ <--My Cisco Blog