Easy and site to site VPN on the same ASA interface

Feb 13th, 2007


Is it possible to configure the ASA5520 to support both Easy VPN and site-to-site VPN on the same outside interface?

In case your answer is YES, how could we do it?


balsheikh Tue, 02/13/2007 - 12:52

Sorry for causing confusion, I mean VPN client and site-to-site VPN.

ROBERTO TACCON Sun, 02/25/2007 - 11:13

Yes, it's possible.


In this sample configuration, Tiger is the remote PIX and Lion is the central PIX. Since the IP address of Tiger is unknown, you must configure Lion to dynamically accept connections from anywhere knowing the wild-card, pre-shared key. Tiger knows what traffic is to be encrypted (because it is specified by the access-list) and where the Lion endpoint is located. Tiger must initiate the connection. Both sides perform NAT and nat 0 in order to bypass NAT for IPsec traffic.

In addition, the remote user in this configuration connects to the central PIX (Lion) using the Cisco VPN Client 4.x. The remote user cannot connect to the remote PIX (Tiger) since both sides have dynamically assigned IP addresses and do not know where to send the request.
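
Added example (not part of the reply above and not Cisco's sample configuration): a sketch of the central-side role described there, written in ASA 7.2 syntax for the ASA5520 in the question. All names, subnets and key placeholders are constructed, and using DefaultL2LGroup as the counterpart of the wild-card pre-shared key is an assumption about how the PIX sample maps to ASA.

```cisco
! Constructed values: inside LAN 10.1.1.0/24, remote site LAN 10.2.2.0/24,
! VPN client pool 10.3.3.0/24. Replace the <...> placeholders.
ip local pool CLIENT-POOL 10.3.3.1-10.3.3.254 mask 255.255.255.0

! nat 0: exempt traffic to the remote site and to the client pool from NAT.
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
nat (inside) 0 access-list NONAT

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac

! One dynamic map answers every peer whose address is not known in advance:
! the dynamically addressed remote site and the VPN clients.
crypto dynamic-map DYN-MAP 10 set transform-set ESP-AES-SHA

! Only one crypto map can be bound to an interface, so both VPN types share it.
! Static-peer site-to-site entries, if any, take lower sequence numbers;
! the dynamic entry goes last.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2

! Site-to-site peers with no matching tunnel-group fall into DefaultL2LGroup.
! Its key is accepted from any source address, so make it long and random.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <SITE-TO-SITE-KEY>

! Remote-access group for the Cisco VPN Client; users authenticate via LOCAL.
tunnel-group RA-CLIENTS type ipsec-ra
tunnel-group RA-CLIENTS general-attributes
 address-pool CLIENT-POOL
tunnel-group RA-CLIENTS ipsec-attributes
 pre-shared-key <CLIENT-GROUP-KEY>
username vpnuser password <USER-PASSWORD>
```

After a tunnel is up, `show crypto isakmp sa` and `show crypto ipsec sa` confirm which peer landed on which group and which subnets are being encrypted.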

