cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
304
Views
0
Helpful
2
Replies

Easy and site to site VPN on the same ASA interface

balsheikh
Level 1
Level 1

Hello,

Is it possible to configure the ASA5520 to support both easy and site-to-site VPN on the same outside interface!!!!

incase your answer is YES.. how could we do it !!

Regards,

2 Replies 2

balsheikh
Level 1
Level 1

sorry for causing confusion, i mean vpn client and site to site vpn.

Yes its' possible.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

In this sample configuration, Tiger is the remote PIX and Lion is the central PIX. Since the IP address of Tiger is unknown, you must configure Lion to dynamically accept connections from anywhere knowing the wild-card, pre-shared key. Tiger knows what traffic is to be encrypted (because it is specified by the access-list) and where the Lion endpoint is located. Tiger must initiate the connection. Both sides perform NAT and nat 0 in order to bypass NAT for IPsec traffic.

In addition, the remote user in this configuration connects to the central PIX (Lion) using the Cisco VPN Client 4.x. The remote user cannot connect to the remote PIX (Tiger) since both sides have dynamically assigned IP addresses and do not know where to send the request.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: