12-29-2008 09:16 AM - edited 02-21-2020 04:06 PM
I currently have an ASA5520 and about 15 5505s set up with site to site vpn connections. A few of the 5505 are connected via cable modems and their IPs change without notice. There is too much of a hassle to get static IPs. So i've been looking into the Easy vpn client for the 5505s. I got it to work for "client" but when i set it to Network Extension Mode, i can't get to any devices at the central site. Seems like a routing issue but i can't be for sure. Any suggestions?
edit: I'd also like to add that the 5505 i tested easy vpn on use to be connected with a site to site. i deleted the site to site config from the 5505 but not the 5520.
12-29-2008 09:33 AM
Does the central site routers behind the ASA know about the remote site subnets (being learned in network extension mode)?
The routers behind the ASA should have a route towards the ASA for these subnets...
Please post configs (with out passwords)
and the output of "show crypto ipsec sa" from the ASA and at least one 5505 that is not reachable.
thanks,
Joe
12-29-2008 10:24 AM
Ok, that makes sense. My core switch needs a route to the remote network. I didn't need any routes before because i was using Site to Sites. Let me try this first.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: