Lan to lan tunnel and ezvpn on ASA

Unanswered Question
Jul 1st, 2009

All,

I have a need to configure ezvpn remote on an ASA to our office, but they also need to have a lan-to-lan tunnel to another office. Is this possible? I can't apply ezvpn if I have any isakmp policies, tunnel-groups, etc. enabled on the ASA.

Thanks,

John

mvsheik123 Thu, 07/02/2009 - 05:37

Hi,

ASA cannot act as L2L vpn peer and ezvpn client at the same time. It can be ezvpn server (to accept ezvpn clients) and L2L vpn peer at the same time. [I tried this before (when we first started deploying ezvpn solution for a few of our clients)].

Here is info from cisco doc:

"When used as an Easy VPN hardware client, the ASA 5505 can also be configured to perform basic firewall services, such as protecting devices in a DMZ from unauthorized access. However, if the ASA 5505 is configured to function as an Easy VPN hardware client, it cannot establish other types of tunnels. For example, the ASA 5505 cannot function simultaneously as an Easy VPN hardware client and as one end of a standard peer-to-peer VPN deployment".

Link:

http://www.cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/remcli.html

hth

MS

**Rate helpful postings**

John Blakley Thu, 07/02/2009 - 06:08

I ended up going with a L2L tunnel for the device since I needed to terminate to two different locations. It works as intended.

Thanks,

John

insccisco Fri, 07/03/2009 - 05:54

Great link Mehboob.

Very helpful... and I just wish that people who ask questions and get good and fast answers would be more appreciative...
