Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
405
Views
0
Helpful
2
Replies

ASA5505 easy vpn client

cowetacoit
Level 1
Level 1

‎12-29-2008 09:16 AM - edited ‎02-21-2020 04:06 PM

I currently have an ASA5520 and about 15 5505s set up with site to site vpn connections. A few of the 5505 are connected via cable modems and their IPs change without notice. There is too much of a hassle to get static IPs. So i've been looking into the Easy vpn client for the 5505s. I got it to work for "client" but when i set it to Network Extension Mode, i can't get to any devices at the central site. Seems like a routing issue but i can't be for sure. Any suggestions?

edit: I'd also like to add that the 5505 i tested easy vpn on use to be connected with a site to site. i deleted the site to site config from the 5505 but not the 5520.

Labels:
0 Helpful
2 Replies 2

joe19366
Level 1
Level 1

‎12-29-2008 09:33 AM

Does the central site routers behind the ASA know about the remote site subnets (being learned in network extension mode)?

The routers behind the ASA should have a route towards the ASA for these subnets...

Please post configs (with out passwords)

and the output of "show crypto ipsec sa" from the ASA and at least one 5505 that is not reachable.

thanks,

Joe

0 Helpful

cowetacoit
Level 1
Level 1
In response to joe19366

‎12-29-2008 10:24 AM

Ok, that makes sense. My core switch needs a route to the remote network. I didn't need any routes before because i was using Site to Sites. Let me try this first.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents