I currently have EzVPN set up between two sites using network extension mode. Is the IP pool necessary on the server end? Being that it is in network extension mode, any traffic coming from the remote site over the VPN should be using its own IP address?
This is my current server config:
crypto isakmp client configuration group VPNGROUP
 key password
 dns 192.168.2.2 192.168.2.1
 wins 192.168.2.1 192.168.2.2
 pool vpn-pool
 acl 104
 save-password
Here, vpn-pool is assigned a pool of addresses. The remote site has no problem getting to the networks I have allowed it to access through ACLs, but when I created a firewall rule based on their source IPs, it doesn't seem to affect them. I'm curious if this is the result of vpn-pool assigning them different IPs.