White Paper Abstract:
This document illustrates how to combine 802.1x authentication with Easy VPN Remote operating in client mode on Cisco IOS Software routers. A typical application of this combination is a teleworker solution (Figure 1). The access router (Cisco 871 Router in this example) provides connectivity from the teleworker location to the corporate network via an Easy VPN tunnel through the Internet. However, there may also be other PCs in the teleworker location that are not part of the corporate network and hence should not be allowed into the VPN. Typical examples would be PCs used by the spouse or children of the teleworker. These PCs do need Internet access, and users are likely to leverage the teleworker router to avoid installing a second broadband connection in the same home. The combination of Cisco IOS® Easy VPN with 802.1x authentication enables enterprise employees, such as this teleworker, to access their corporate network, while restricting other household members to Internet access only. Such a configuration, known as "split tunneling", supports some PCs using the VPN tunnel while others can only access the Internet. This solution could also be used in a branch office, where each PC must authenticate using 802.1x before it can use the VPN.