2.16 IOS ezVPN Server task concerns
I found 2 concerns in this task.
1, There is a requirement to only encrypt users' traffic destined to subnet 136.x.100.0/24. It is funny because both the server and the client are in that subnet. It is not possible, so looking at the solution, the split tunnel is for 10.0.0.0/24, which means it is a typo.
2, In the NOTE it says:
"pool <Address-Pool-Name>. Specifies the name of the address pool configured using the command ip local pool. This address pool is used for allocating the IP addresses to the remote clients requesting them. This address pool must reference the IKE using the command crypto isakmp client configuration address-pool local <Address-Pool-Name>."
I don't think it is 100% correct, and in the solution I found that even though we have only one user group, the pool is defined in the group configuration and in the "groupless" isakmp configuration.
I think this explanation should be corrected, as for me it indicates I must use it in both places; on the other hand, in practice:
a, if I use crypto isakmp client configuration address-pool local <Address-Pool-Name> only, every ezVPN group will use this pool to assign the addresses to the clients
b, if I use only the pool command under the crypto isakmp client configuration group X, it will allocate the addresses from this pool only to this group
c, if I use both places and these are different pools, the pool which is defined under the group configuration will be used.
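
The pool selection described in cases a, b and c above, written as a small config audit. This is an added example, not part of the original post or the workbook solution. It applies the precedence the post reports (a group-level pool wins over the global one), and all group names, pool names and addresses in the sample are constructed.

```python
import re

# Constructed sample running-config (names, key and addresses are made up).
SAMPLE_CONFIG = """\
ip local pool GLOBAL_POOL 10.0.1.1 10.0.1.50
ip local pool SALES_POOL 10.0.2.1 10.0.2.50
crypto isakmp client configuration address-pool local GLOBAL_POOL
crypto isakmp client configuration group SALES
 key constructed-key
 pool SALES_POOL
 acl 150
crypto isakmp client configuration group ENG
 key constructed-key
 acl 150
crypto isakmp client configuration group OPS
 key constructed-key
 pool MISSING_POOL
"""

GLOBAL_RE = r"^crypto isakmp client configuration address-pool local (\S+)"
GROUP_RE = r"crypto isakmp client configuration group (\S+)"

def effective_pools(config):
    """Map each ezVPN group to (pool_name, source, pool_is_defined)."""
    defined = set(re.findall(r"^ip local pool (\S+)", config, re.M))
    m = re.search(GLOBAL_RE, config, re.M)
    global_pool = m.group(1) if m else None
    groups, current = {}, None
    for line in config.splitlines():
        g = re.match(GROUP_RE, line)
        if g:
            current = g.group(1)
            groups[current] = None
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the group sub-mode
        elif current and (p := re.match(r"\s+pool (\S+)", line)):
            groups[current] = p.group(1)
    result = {}
    for name, pool in groups.items():
        # Case c from the post: a group-level pool overrides the global one.
        chosen, source = (pool, "group") if pool else (global_pool, "global")
        result[name] = (chosen, source if chosen else "none", chosen in defined)
    return result

if __name__ == "__main__":
    for group, info in effective_pools(SAMPLE_CONFIG).items():
        print(group, info)
```

A `False` in the third field marks a group that references a pool with no matching `ip local pool` definition.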