EZVPN client: how to reach the public network directly when the server side has not configured split tunneling

Source: Internet
Author: User

I. Overview:

In many deployments the EZVPN server is deliberately configured without split tunneling, so that a client cannot be connected to the company intranet and the Internet at the same time. But what if you need exactly that, and you have no permission to modify the device on the headquarters side? The approach below is described for the EZVPN hardware client and the software client respectively. Keep in mind that it undoes a control the headquarters side chose on purpose: while the tunnel is up, the branch LAN is again exposed to the Internet, so the same risks that motivated disabling split tunneling apply.

Test topology reference: http://333234.blog.51cto.com/323234/1202965.

The EZVPN client solution is in fact similar to the one above. For PPTP VPN and L2TP/IPsec VPN, removing the default route is enough; for the EZVPN software client, however, removing the default route did not work in testing.

II. EZVPN hardware client solution:

A. Why traffic cannot reach the public network directly:

Normally, so that the branch can still reach the Internet when it is not dialed in to headquarters, the EZVPN hardware client is configured with NAT. Once the VPN is up, traffic can no longer reach the public network directly: it enters through the interface configured with `crypto ipsec client ezvpn <name> inside` and leaves through the interface configured with `crypto ipsec client ezvpn <name> outside`, and when both conditions hold the traffic is encrypted into the VPN. If either condition is not met, the traffic is not encrypted. This works just like NAT, where only traffic that enters through an `ip nat inside` interface and exits through an `ip nat outside` interface is translated.

So the solution is:

① First configure a loopback interface, give it an IP address, and configure `ip nat inside` on it.

② Apply a route-map (policy-based routing) on the intranet interface of the EZVPN client: traffic destined for the headquarters intranet is left alone, and all other traffic is redirected to the loopback interface.

③ The loopback interface has only `ip nat inside` and no `crypto ipsec client ezvpn` configuration, so traffic that re-enters the router through it is not encrypted by the VPN; it is simply NATed and sent out to the Internet.

B. Configuration method:

① The branch already has dynamic PAT configured:

interface Ethernet0/0
 ip nat inside
!
interface Ethernet0/1
 ip nat outside
!
ip access-list extended PAT
 permit ip any any
!
ip nat inside source list PAT interface Ethernet0/1 overload
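Steps ① to ③ of section A, written out as one complete branch-router configuration. This is an added example, not configuration from the original page or its test topology; the branch LAN 192.168.1.0/24, the headquarters intranet 10.0.0.0/8, the loopback address 10.255.255.1, the EZVPN peer 203.0.113.10, the group name and key, and the names EZVPN, TO-INTERNET and PBR-INTERNET are all assumptions chosen for illustration.

```cisco
! Added example, not from the original page. Assumed values:
!   branch LAN 192.168.1.0/24, headquarters intranet 10.0.0.0/8,
!   EZVPN profile "EZVPN" peering with 203.0.113.10, loopback 10.255.255.1/32.
!
! EZVPN hardware client profile (server side pushes no split-tunnel list,
! so by itself it would capture all traffic leaving the outside interface).
crypto ipsec client ezvpn EZVPN
 connect auto
 group BRANCH key BRANCHKEY
 mode network-extension
 peer 203.0.113.10
!
! Step 1: loopback with ip nat inside only. There is deliberately no
! "crypto ipsec client ezvpn ... inside" here, so traffic re-injected through
! this interface is NATed but never picked up by the tunnel.
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
 ip nat inside
!
! Step 2: classify LAN traffic. Headquarters-bound traffic is denied in the
! ACL, i.e. it is NOT policy-routed, keeps the normal path and is encrypted.
! Everything else is matched and redirected to the loopback.
ip access-list extended TO-INTERNET
 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.1.0 0.0.0.255 any
!
route-map PBR-INTERNET permit 10
 match ip address TO-INTERNET
 set interface Loopback0
!
! Branch LAN interface: EZVPN inside, NAT inside, and the policy route-map.
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 crypto ipsec client ezvpn EZVPN inside
 ip policy route-map PBR-INTERNET
!
! WAN interface: EZVPN outside and NAT outside.
interface Ethernet0/1
 ip address dhcp
 ip nat outside
 crypto ipsec client ezvpn EZVPN outside
!
! Step 3 happens implicitly: the existing dynamic PAT (section B, step 1)
! translates the redirected traffic, because it now enters the routing
! process from an ip nat inside interface (Loopback0) and exits ip nat outside.
ip access-list extended PAT
 permit ip any any
ip nat inside source list PAT interface Ethernet0/1 overload
```

To check that the split is working, with the tunnel up: `show crypto ipsec client ezvpn` shows the tunnel state, `show route-map PBR-INTERNET` shows the policy-routing match counters increasing for Internet-bound traffic only, and `show ip nat translations` shows translations for the Internet-bound flows while traffic to 10.0.0.0/8 is absent there and appears instead in the IPsec SA counters of `show crypto ipsec sa`. If Internet traffic still goes into the tunnel, the usual cause is that the route-map ACL permits the headquarters prefix (so it gets policy-routed away from the tunnel) or that `ip policy route-map` was applied to the wrong interface.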
