5505 ASA with Base license L2L & easy VPN capacity

Oct 3rd, 2008

Hi All,

I have a couple of ezvpn hardware clients (ASA5505) that connect to a VPN3000 at the central location. The 5505s have the base license and basic ezvpn configs. Please see below.

********************************

Licensed features for this platform:

Maximum Physical Interfaces : 8

VLANs : 3, DMZ Restricted

Inside Hosts : 10

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

VPN Peers : 10

WebVPN Peers : 2

Dual ISPs :Disabled

VLAN Trunk Ports : 0

This platform has a Base license.

EZVPN client config:

vpnclient server 7.50.2.17

vpnclient mode network-extension-mode

vpnclient nem-st-autoconnect

vpnclient vpngroup HOME password ***

vpnclient username user1 password ***

vpnclient enable

********************************

Now, with the above license and running with ezvpn, will the ASAs support an L2L tunnel between the 2 client sites, so that the client networks can speak directly? Or is it recommended to go with 'hairpin' VPN?

Thank you

MS

Marwan ALshawi Sun, 10/05/2008 - 01:08

Both work.

If you have a static public IP for each ASA and the VPN3000, you can do L2L between all of them.

If the bandwidth at the central site is enough, 'hairpin' is a good choice as well: each ASA has one L2L tunnel and the VPN3000 does the 'hairpin'.

If you don't have public IPs for the ASAs, you may do it the way you have done.

If helpful, rate.

mvsheik123 Sun, 10/05/2008 - 05:05

Great. Thank you. What if both client sites are getting DHCP-assigned IPs from the local carrier? Then, as you recommended, 'hairpin' is the choice?

Thank you

MS

Marwan ALshawi Sun, 10/05/2008 - 15:25

If both are getting IPs from DHCP, then there is no static IP. In that case both ASAs need to be ezvpn clients to the VPN3000, and after they connect they can communicate through 'hairpin'.

Good luck.

If helpful, rate.