Limitations of Easy VPN Remote Phase 2
Remember that the Easy VPN features are a work in progress for Cisco. As such, Easy VPN Servers and Easy VPN Remotes do not support specific IPSec features. We discussed earlier in this chapter the features that the Easy VPN Server does not support. Now let's look at the features that the Easy VPN Remote does not support.
For authentication methods, an Easy VPN Remote device only supports preshared keys and XAUTH. Therefore, RSA encrypted nonces and RSA signatures (digital certificates) are not supported. Unlike the Easy VPN Server, D-H group 2 is the only supported D-H algorithm by an Easy VPN Remote device.
As with the Easy VPN Server, PFS is not supported.
Further, subinterfaces are not supported, and ...
Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
