Eric U Ngabonziza

CISCO Easy VPN

Easy VPN allows IPSec VPN parameters to be defined at an IPSec gateway, which is also the EzVPN server. When an EzVPN client initiates an IPSec tunnel connection, the EzVPN server pushes the IPSec policies and other attributes required to form the IPSec tunnel to the EzVPN client and creates the corresponding IPSec tunnel connection.

The tunnel on the EzVPN client can be initiated automatically or manually, or it could be traffic triggered, depending on the configuration or type of EzVPN client used. Minimal configuration is required at the EzVPN client.

EzVPN can be used anywhere (home office, hotel, airport, etc.) as long as there is Internet access. Once the user is connected to the Internet, an IP address is assigned automatically, the tunnel comes up as well, and traffic can start to flow.

Below, you can see a small diagram illustrating EzVPN with its minimum/basic configuration.

Basic configuration:

interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
 switchport access vlan 2
!
interface Ethernet0/3
 switchport access vlan 2
!
interface Ethernet0/4
 switchport access vlan 2
!
interface Ethernet0/5
 switchport access vlan 2
!
interface Ethernet0/6
 switchport access vlan 3
!
interface Ethernet0/7
 switchport access vlan 3
!
interface Vlan1
 no forward interface Vlan3
 nameif public
 security-level 50
 ip address 10.168.225.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Vlan3
 nameif inside
 security-level 100
 ip address 192.168.225.193 255.255.255.224
!
dns server-group DefaultDNS
 domain-name corporate.com
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network net_172.16.0.0
 subnet 172.16.0.0 255.240.0.0
object network net_10.168.225.0
 subnet 10.168.225.0 255.255.255.0
object network net_192.168.225.192_224
 subnet 192.168.225.192 255.255.255.224
access-list public_access_in extended permit ip 10.168.225.0 255.255.255.0 any4
access-list public_access_in extended permit ip 10.168.225.0 255.255.255.0 any
access-list inside_in extended permit ip 192.168.225.192 255.255.255.224 any4
access-list inside_in extended permit ip 192.168.225.192 255.255.255.224 any
!
object network obj_any
 nat (public,outside) dynamic interface
object network net_10.168.225.0
 nat (public,outside) dynamic interface
object network net_192.168.225.192_224
 nat (inside,outside) dynamic interface
access-group public_access_in in interface public
!
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
! Corporate gateway IP address
vpnclient server XX.XX.XX.XX
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup 2easy password *****
vpnclient enable
dhcpd auto_config outside
!
dhcpd address 10.168.225.11-10.168.225.42 public
dhcpd dns 1.1.1.1 interface public
dhcpd auto_config outside interface public
dhcpd option 3 ip 10.168.225.1 interface public
dhcpd enable public
!
dhcpd address 192.168.225.196-192.168.225.222 inside
dhcpd dns 172.28.1.31 172.28.1.34 interface inside
dhcpd option 150 ip 172.27.114.10 172.27.225.11 interface inside
dhcpd option 3 ip 192.168.225.193 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
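As an added example (not part of the original post or of Cisco's tooling), here is a small Python audit that reads an excerpt of the configuration above and reports what a reviewer would look at first: the IKEv1 policy and SSH key-exchange settings that are legacy choices today, and any access-list that is defined but never applied with access-group (inside_in above). The config text is a constructed excerpt of the page's own configuration; the "legacy" sets are this example's assumptions, not an ASA feature.

```python
# Constructed excerpt of the EzVPN client configuration shown on the page.
CONFIG = """
access-list public_access_in extended permit ip 10.168.225.0 255.255.255.0 any
access-list inside_in extended permit ip 192.168.225.192 255.255.255.224 any
access-group public_access_in in interface public
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
ssh key-exchange group dh-group1-sha1
vpnclient mode network-extension-mode
vpnclient vpngroup 2easy password *****
"""

# Assumed set of IKEv1 policy values to flag; "sha" is SHA-1 in this syntax.
LEGACY = {
    "encryption": {"des", "3des"},
    "hash": {"md5", "sha"},
    "group": {"1", "2", "5"},
}


def audit(config: str) -> list:
    """Return a list of findings for the given ASA config text."""
    findings, defined, applied = [], set(), set()
    in_ikev1 = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("access-list "):
            defined.add(line.split()[1])          # ACL name is the 2nd token
        elif line.startswith("access-group "):
            applied.add(line.split()[1])          # ACL bound to an interface
        elif line.startswith("crypto ikev1 policy"):
            in_ikev1 = True                       # indented lines follow
        elif not raw.startswith(" "):
            in_ikev1 = False                      # any top-level line ends the block
        if in_ikev1 and " " in line:
            key, value = line.split(None, 1)
            if value in LEGACY.get(key, ()):
                findings.append(f"ikev1 {key} {value}: legacy setting")
        if line.startswith("ssh key-exchange") and "dh-group1" in line:
            findings.append("ssh key-exchange uses dh-group1-sha1: legacy")
    for name in sorted(defined - applied):
        findings.append(f"access-list {name} defined but not applied")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```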

Author: Eric U Ngabonziza
