This chapter showed you the basics of setting up remote-access IPSec connections using EasyVPN with an EVS and an EVC. EasyVPN enables you to control policy decisions and push these decisions down to the client. Unlike L2L connections, a remote-access connection supports both user (XAUTH) and device authentication. Configuration of XAUTH requires the use of AAA.

In a remote-access connection, the EVC initiates the connection to the EVS and sends its IKE Phase 1 policies. The EVS finds a matching policy, and the management connection is built. The EVS then performs user authentication using XAUTH. Upon successful authentication, the EVS sends configuration and policy information to the EVC through IKE Mode Config. The EVS then uses RRI to add a static route for the EVC to its local routing table, which can be redistributed through a dynamic-routing protocol. Finally, the EVC and EVS build the two unidirectional data connections during IKE Phase 2.

Next up is Part IX, "Case Study," which wraps up the book and puts many of the features and tools discussed in this book to work in a real-life example.