IOS Ezvpn without tunnel segmentation access to public network testing from Headquarters

. Test topology:

Reference Link: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml

General idea: Set up a loopback port on the EZVPN server, and configure the Route-map on the external network, the traffic to the public network will be hit to the loopback port and NAT out public network, When configuring Route-map you need to be aware that the next hop address is a loopback address, not a loopback address.

2. Basic configuration:

A.private Routing:

Interface e0/0

IP address 172.16.1.10 255.255.255.0

No shut

IP Route 0.0.0.0 0.0.0.0 172.16.1.1

B.branch Router:

Interface ethernet0/0

IP address 172.16.1.1 255.255.255.0

No shut

Interface ETHERNET0/1

IP address 202.100.1.1 255.255.255.0

No shut

IP Route 0.0.0.0 0.0.0.0 202.100.1.10

C.internet Router:

Interface e0/0

IP address 202.100.1.10 255.255.255.0

No shut

Interface E0/1

IP address 202.100.2.10 255.255.255.0

No shut

D.center Router:

Interface fastethernet0/0

IP address 10.1.1.1 255.255.255.0

IP nat Inside

No shut

Interface FASTETHERNET0/1

IP address 202.100.2.1 255.255.255.0

IP Nat Outside

No shut

IP Route 0.0.0.0 0.0.0.0 202.100.2.10

IP Access-list Extended Pat

Deny IP 10.1.1.0 0.0.0.255 123.1.1.0 0.0.0.255

Permit IP any

IP NAT inside source list Pat interface FASTETHERNET0/1 overload