Table of Contents
Advertisement
Chapter 6
Cable CPE Commands
•
•
•
•
•
•
After configuring the Cisco Easy VPN Remote configuration, use the exit command to exit the
Cisco Easy VPN Remote configuration mode and return to global configuration mode.
Note
You cannot use the no crypto ipsec client ezvpn command to delete a Cisco Easy VPN Remote
configuration that is assigned to an interface. You must remove that Cisco Easy VPN Remote
configuration from the interface before you can delete the configuration.
Examples
The following example shows a Cisco Easy VPN Remote configuration named telecommuter-client
being created on a Cisco uBR905 or Cisco uBR925 cable access router and being assigned to cable
interface 0:
Router# config t
Router(config)# crypto ipsec client ezvpn telecommuter-client
Router(config-crypto-ezvpn)# group telecommute-group key secret-telecommute-key
Router(config-crypto-ezvpn)# peer telecommuter-server
Router(config-crypto-ezvpn)# mode client
Router(config-crypto-ezvpn)# exit
OL-1581-07
exit—Exits the Cisco Easy VPN configuration mode and returns to global configuration mode.
group group-name key group-key—Specifies the group name and key value for the VPN
connection.
local-address interface-name
determine the public IP address, which is used to source the tunnel. This applies only to the
Cisco uBR905 and Cisco uBR925 cable access routers.
The value of
–
interface-name
After specifying the local address used to source tunnel traffic, the IP address can be obtained in two
ways:
The local-address subcommand can be used with the cable-modem dhcp-proxy {interface
–
loopback number} command to obtain a public IP address and automatically assign it to the
loopback interface.
The IP address can be manually assigned to the loopback interface.
–
mode {client | network-extension}—Specifies the router's VPN mode of operation:
The client option (default) automatically configures the router for Cisco Easy VPN client mode
–
operation, which uses NAT/PAT address translations. When the Cisco Easy VPN client
configuration is assigned to an interface, the router automatically creates the NAT/PAT and
access-list configuration needed for the VPN connection.
–
The network-extension option specifies that the router should become a remote extension of
the enterprise network at the other end of the VPN connection. The PCs that are connected to
the router typically are assigned an IP address in the enterprise network's address space.
no—Removes the command or sets it to its default values.
peer {ipaddress | hostname}—Sets the peer IP address or hostname for the VPN connection. A
hostname can be specified only when the router has a DNS server available for hostname resolution.
The Cisco Easy VPN Remote feature attempts to resolve the hostname when the peer
Note
command is given, not when the VPN tunnel is created. If the hostname cannot be resolved
at that time, the peer command is not accepted.
crypto ipsec client ezvpn (global configuration)
—To inform the Cisco Easy VPN router which interface is used to
specifies the interface used for tunnel traffic.
Cisco Broadband Cable Command Reference Guide
6-31
Advertisement
Table of Contents
