EZVPN and ASA, with NEM

Jun 15th, 2007

We have set up a site to connect to the ASA with EzVPN and NEM, which works fine, but we also want internet-based traffic to be in the tunnel and then go out through the ASA. This means that it arrives encrypted on the same interface as we want to send it out to the net. This works fine with the Cisco PC client but not these sites?

My only possible thought is the tunneled default route option and send the packet to an internal router before it gets bounced back into the ASA - not sure if this would work. Any other ideas?

ggilbert (Cisco Employee) Fri, 06/15/2007 - 05:28


Can you give me the output of the following commands:

sh run | in route

sh run | in local pool

sh run | in nat

And the network address of the remote EzVPN client.

After the EzVPN client is connected, can you run the following command and send it to me.

sh vpn-sessiondb remote



cuthbert-cisco Sat, 06/16/2007 - 00:20

Thank you for the responses, but I've sorted it. The network range was missing from being dynamically natted for the internet.


rkazmierczak Fri, 06/15/2007 - 05:43


If the ASA is also the default gateway on your network (connected to the internet), the only thing you probably need to do is to make sure that you do NAT on the remote subnet so that the remote subnet can reach the internet.

This can be a bit tricky because you still have to do nat on these subnets when the destination is the HQ network.
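
The fix described in this thread (dynamic NAT for the remote range so hairpinned traffic can reach the internet), sketched as an added example that is not configuration posted by any participant. It assumes pre-8.3 ASA NAT syntax, and the addresses 10.10.10.0/24 (remote EzVPN NEM LAN) and 192.168.1.0/24 (HQ inside network) are constructed placeholders.

```cisco
! Constructed example; addresses are placeholders, not values from the thread.
!   10.10.10.0/24  = remote EzVPN (NEM) LAN      (assumption)
!   192.168.1.0/24 = HQ inside network           (assumption)

! Permit traffic to enter and leave the same interface, so decrypted
! tunnel traffic arriving on "outside" can be sent back out "outside".
same-security-traffic permit intra-interface

! Dynamic PAT pool: translate to the outside interface address.
global (outside) 1 interface

! Existing rule for HQ inside hosts going to the internet.
nat (inside) 1 192.168.1.0 255.255.255.0

! The piece that is easy to miss: the remote NEM range arrives on the
! outside interface, so it needs its own nat statement on "outside"
! tied to the same PAT pool.
nat (outside) 1 10.10.10.0 255.255.255.0

! Verify after the EzVPN client reconnects:
!   show vpn-sessiondb remote   (tunnel is up, remote network listed)
!   show xlate                  (PAT entries appear for 10.10.10.x hosts)
```

Because all of the remote site's internet traffic now exits through the ASA, the outside access policy and any inspection applied at HQ also govern those remote hosts.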

