Lan to lan tunnel and ezvpn on ASA

Unanswered Question
Jul 1st, 2009
User Badges:
  • Purple, 4500 points or more


I have a need to configure ezvpn remote on an asa to our office, but they also need to have a lan-to-lan tunnel to another office. Is this possible? I can't apply ezvpn if I have any isakmp policies, tunnel-groups etc, enabled on the asa.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
mvsheik123 Thu, 07/02/2009 - 05:37
User Badges:
  • Gold, 750 points or more


ASA cannot act as L2L vpn peer and ezvpn client at the sametime. It can be ezvpn server (to accept ezvpn clients) and L2L vpn peer at the same time. [I tried this before (when we first started deploying ezvpn solution for few of our clients)].

Here is info from cisco doc:

"When used as an Easy VPN hardware client, the ASA 5505 can also be configured to perform basic firewall services, such as protecting devices in a DMZ from from unauthorized access. However, if the ASA 5505 is configured to function as an Easy VPN hardware client, it cannot establish other types of tunnels. For example, the ASA 5505 cannot function simultaneously as an Easy VPN hardware client and as one end of a standard peer-to-peer VPN deployment".




**Rate helpful postings**

John Blakley Thu, 07/02/2009 - 06:08
User Badges:
  • Purple, 4500 points or more

I ended up going with a L2L tunnel for the device since I needed to terminate to two different locations. It works as intended.



insccisco Fri, 07/03/2009 - 05:54
User Badges:

Great link Mehboob.

very helpful.. and I just wish that people asking questions and get good and fast answers would be more appreciative...


This Discussion