ASA5505 easy vpn client

Unanswered Question
Dec 29th, 2008

I currently have an ASA5520 and about 15 5505s set up with site to site vpn connections. A few of the 5505 are connected via cable modems and their IPs change without notice. There is too much of a hassle to get static IPs. So i've been looking into the Easy vpn client for the 5505s. I got it to work for "client" but when i set it to Network Extension Mode, i can't get to any devices at the central site. Seems like a routing issue but i can't be for sure. Any suggestions?

edit: I'd also like to add that the 5505 i tested easy vpn on use to be connected with a site to site. i deleted the site to site config from the 5505 but not the 5520.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Does the central site routers behind the ASA know about the remote site subnets (being learned in network extension mode)?

The routers behind the ASA should have a route towards the ASA for these subnets...

Please post configs (with out passwords)

and the output of "show crypto ipsec sa" from the ASA and at least one 5505 that is not reachable.

thanks,

Joe

cowetacoit Mon, 12/29/2008 - 10:24

Ok, that makes sense. My core switch needs a route to the remote network. I didn't need any routes before because i was using Site to Sites. Let me try this first.

Actions

This Discussion