On IOS images that do not support identical addressing, the flow would be as follows:
Step1: Launch SDM and navigate to Configure->VPN-> Easy VPN Remote
Click Launch Easy VPN Remote Wizard.
Step2: Click Next on the welcome screen.
Step3: In Interface and Connection Settings screen,
a. Select the LAN interfaces and the WAN interface that is connected to the server.
b. Select the method to be used for triggering the tunnel.
Step4: In Server Information screen,
a. Enter a name for this Easy VPN Remote connection.
b. Enter the IP address or hostname of the Easy VPN Server that you have configured. If you have a backup Easy VPN Server, enter its IP address or hostname in the optional "Easy VPN Server 2" text box.
c. Select the mode of operation (Client or Network Extension)
Step5: In Authentication screen,
a. Select the authentication to be used. It should be the same as the one you configured in the Easy VPN Server. If you select pre-shared keys, you need to specify the VPN group name to which this client belongs and the corresponding key.
b. If you select digital certificate authentication, enter the group name in the OU field of the certificate to authenticate this client with the server.
c. If XAuth is enabled in your Easy VPN Server, you can select how you want to enter the XAuth credentials each time the client connects to the server.
Note that you can use the "Save XAuth credentials in the router" option only if "Save Password" is enabled in the group to which this client belongs. The group might be configured on the VPN server or on the external AAA server.
Step6: Summary of Configuration
Review the summary. Navigate back to make any changes, if necessary.
If not, click the Finish Button
The wizard flow is slightly modified in SDM 2.5 on IOS images that support identical addressing.
The new flow for the Easy VPN Remote Wizard is as follows:
Step1: Launch SDM and navigate to Configure->VPN-> Easy VPN Remote
Click Launch Easy VPN Remote Wizard.
Step2: Click Next on the welcome screen.
Step3: In Network Information screen,
a. Yes + Yes: Identical addressing is needed, so the Mode should be NE or NE+.
b. Yes + No: The Mode needs to be 'Client'.
c. No + [Option not needed]: NE is recommended, but the user is still given the option to change to Client.
Yes + Yes (the user has overlapping addresses and there are devices that need to be reached from outside, so identical addressing has to be configured):
Step4: In Interface and Connection Settings screen,
a. Select the LAN interfaces and the WAN interface that is connected to the server.
b. Select the method to be used for triggering the tunnel.
Step5: Identical Address (optional, shown if the user chooses to configure identical addressing)
a. The first half of the screen is for devices that need to be reached from the server or other client locations.
b. The second half is for entering the IP address for all the other devices in the client network.
c. Clicking Add/Edit on this screen shows the Add/Edit device dialog.
d. Add at least one device that needs to be reached from the server network or other client networks.
e. Non-accessible devices should not overlap with any other interface address on the router.
f. The IP addresses entered for all the accessible and non-accessible devices should fall under the same subnet.
g. A device's local IP address should fall under the selected inside interfaces.
Step6: In Server Information screen,
a. The connection name field is removed. SDM automatically generates a name for the EzVPN connection.
b. Enter the IP address or hostname of the Easy VPN Server that you have configured. If you have a backup Easy VPN Server, enter its IP address or hostname in the optional "Easy VPN Server 2" text box.
c. The Mode is set to NE for identical addressing. The user is given an option to select NE+ mode.
Step7: In Authentication screen,
a. Select the authentication to be used. It should be the same as the one you configured in the Easy VPN Server. If you select pre-shared keys, you need to specify the VPN group name to which this client belongs and the corresponding key.
b. If you select digital certificate authentication, enter the group name in the OU field of the certificate to authenticate this client with the server.
c. If XAuth is enabled in your Easy VPN Server, you can select how you want to enter the XAuth credentials each time the client connects to the server.
Note that you can use the "Save XAuth credentials in the router" option only if "Save Password" is enabled in the group to which this client belongs. The group might be configured on the VPN server or on the external AAA server.
Step8: Summary of Configuration
Review the summary. Navigate back to make any changes, if necessary.
If not, click the Finish Button
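The input rules listed under the Identical Address step, sketched as a pre-check you can run on a planned address layout before starting the wizard. This is an added example, not SDM's own code; the function name, the (local IP, entered IP) pair model and every sample address are assumptions.

```python
import ipaddress as ipa

def check_identical_addressing(accessible, non_accessible, subnet,
                               inside_networks, router_ips):
    """Return a list of rule violations; an empty list means the input passes.

    accessible      -- (local_ip, entered_ip) pairs for reachable devices (assumed model)
    non_accessible  -- addresses entered for all the other client-side devices
    subnet          -- the one subnet every entered address must fall under
    inside_networks -- networks of the selected inside (LAN) interfaces
    router_ips      -- addresses already configured on router interfaces
    """
    errors = []
    net = ipa.ip_network(subnet)
    inside = [ipa.ip_network(n) for n in inside_networks]
    taken = {ipa.ip_address(a) for a in router_ips}

    # At least one device must be reachable from the server or other clients.
    if not accessible:
        errors.append("no accessible device defined")
    # Non-accessible entries must not collide with a router interface address.
    for ip in non_accessible:
        if ipa.ip_address(ip) in taken:
            errors.append(f"{ip} overlaps a router interface address")
    # Every entered address, accessible or not, must sit in the same subnet.
    for ip in [entered for _, entered in accessible] + list(non_accessible):
        if ipa.ip_address(ip) not in net:
            errors.append(f"{ip} is outside {net}")
    # Each device's local address must be behind a selected inside interface.
    for local, _ in accessible:
        if not any(ipa.ip_address(local) in n for n in inside):
            errors.append(f"{local} is not on a selected inside interface")
    return errors

# Constructed sample plan (all addresses are illustrative).
PLAN = dict(subnet="10.10.10.0/24", inside_networks=["192.168.1.0/24"],
            router_ips=["192.168.1.1", "10.10.10.1"])

if __name__ == "__main__":
    # A layout that satisfies every rule.
    print(check_identical_addressing([("192.168.1.10", "10.10.10.10")],
                                     ["10.10.10.254"], **PLAN))
    # A layout that breaks the overlap, subnet and inside-interface rules.
    print(check_identical_addressing([("172.16.5.10", "10.10.20.10")],
                                     ["10.10.10.1"], **PLAN))
```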
For the Yes + No combination of answers, the flow after the 'Network Information' screen is as follows:
Step4: Interface and Connection Settings
Step5: Server Information
a. The connection name field is removed. SDM automatically generates a name for the EzVPN connection.
b. Enter the IP address or hostname of the Easy VPN Server that you have configured. If you have a backup Easy VPN Server, enter its IP address or hostname in the optional "Easy VPN Server 2" text box.
c. The Mode is set to Client.
Step6: Authentication
Step7: Summary
For the No + [Option not needed] combination of answers, the flow after the 'Network Information' screen is as follows:
Step4: Interface and Connection Settings
Step5: Server Information
a. The 'Network Extension' mode is selected by default, but the user can still select another mode based on needs.
Step6: Authentication
Step7: Summary