easy vpn with one interface

Unanswered Question
Jan 9th, 2008

We want to do the following:

1) Deploy several ASA 5505s that are behind a NAT router that has a DHCP public IP (we don't have control over the internet connection at the sites).

So the ASAs have a private IP (192.168.0.107) like every other PC on that network.

2) I would like to use Easy VPN to connect, but the 5505s will only have one network connection.

3) The PCs will get a static route for a certain subnet (193.190.44.0/24) that points to the 5505, which should send it over the tunnel.

4) I am able to connect with Easy VPN with only one interface (I have shut down one of them, the one with the highest security level).

5) I can ping the specific IP and see it leave over the tunnel, but when I ping from another host in the network the ASA won't put it on the tunnel.

After some investigation I found that after Easy VPN connects, the ASA uses the following ACL to determine what to send over the tunnel:

access-list _vpnc_acl extended permit ip host 192.168.0.107 193.190.44.0 255.255.255.0

So if I could have that changed to 'access-list _vpnc_acl extended permit ip 192.168.0.0 255.255.255.0 193.190.44.0 255.255.255.0' then the pings from the other PCs should also go over the tunnel.

However, I cannot change this ACL because it is reserved. (ERROR: _vpnc_acl contains a reserved access list name. It cannot be manually configured)

Is there a way I can push this ACL from the ASA 5520 that is the Easy VPN server?

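An added example, not part of the original post or of any reply to it. On an ASA acting as an Easy VPN hardware client, _vpnc_acl is generated rather than configured: its destination side comes from the split-tunnel network list the server pushes in the group policy, and its source side is either the client's own address (client mode, which is what the single host entry for 192.168.0.107 above shows) or the network on the 5505's inside interface when the remote runs in network extension mode and the server permits NEM. The configuration below shows both halves with assumed names and addresses (EZ-GROUP, SPLIT-TUNNEL, the server address 203.0.113.10, the inside subnet 192.168.10.0/24, the user ezuser) and ASA 8.0-era syntax; on 7.x the tunnel-group type keyword is ipsec-ra instead of remote-access.

```cisco
! ---- Easy VPN server (ASA 5520); example only, all names assumed ----
! The split-tunnel list becomes the destination side of _vpnc_acl on the remote.
access-list SPLIT-TUNNEL standard permit 193.190.44.0 255.255.255.0

group-policy EZ-GROUP internal
group-policy EZ-GROUP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
! Allow hardware clients to use network extension mode.
 nem enable

tunnel-group EZ-GROUP type remote-access
tunnel-group EZ-GROUP general-attributes
 default-group-policy EZ-GROUP
tunnel-group EZ-GROUP ipsec-attributes
 pre-shared-key *****

! ---- Easy VPN remote (ASA 5505); example only ----
! The LAN that should reach 193.190.44.0/24 sits behind the inside VLAN.
! In NEM this network becomes the source side of the generated _vpnc_acl.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
! The outside VLAN takes its private address from the NAT router's DHCP.
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute

vpnclient server 203.0.113.10
vpnclient mode network-extension-mode
vpnclient vpngroup EZ-GROUP password *****
vpnclient username ezuser password *****
vpnclient enable
```

After the tunnel comes up, `show vpnclient detail` on the 5505 reports the mode and the pushed split-tunnel networks, and `show access-list _vpnc_acl` should then list the inside subnet rather than a single host as the source. The caveat for the topology in the question: NEM only carries traffic that actually arrives on the inside interface, so the PCs have to sit behind that interface; with the inside interface shut and only one connection to the shared LAN, the remote falls back to using its own address and a static route on the other PCs pointing at the 5505 will not get their traffic into the tunnel.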