07-01-2009 12:48 PM - edited 03-11-2019 08:49 AM
All,
I have a need to configure ezvpn remote on an asa to our office, but they also need to have a lan-to-lan tunnel to another office. Is this possible? I can't apply ezvpn if I have any isakmp policies, tunnel-groups etc, enabled on the asa.
Thanks,
John
07-02-2009 04:09 AM
John,
My understanding is the ezvpn is just a l2l VPN without an IP address (Dynamic L2L VPN), so you can have this running on an ASA with static l2l VPN configs.
HTH
07-02-2009 05:37 AM
Hi,
ASA cannot act as L2L VPN peer and ezvpn client at the same time. It can be ezvpn server (to accept ezvpn clients) and L2L VPN peer at the same time. [I tried this before (when we first started deploying ezvpn solution for a few of our clients)].
Here is info from cisco doc:
"When used as an Easy VPN hardware client, the ASA 5505 can also be configured to perform basic firewall services, such as protecting devices in a DMZ from unauthorized access. However, if the ASA 5505 is configured to function as an Easy VPN hardware client, it cannot establish other types of tunnels. For example, the ASA 5505 cannot function simultaneously as an Easy VPN hardware client and as one end of a standard peer-to-peer VPN deployment."
Link:
http://www.cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/remcli.html
hth
MS
**Rate helpful postings**
07-02-2009 06:08 AM
I ended up going with a L2L tunnel for the device since I needed to terminate to two different locations. It works as intended.
Thanks,
John
07-03-2009 05:54 AM
Great link Mehboob.
Very helpful... and I just wish that people who ask questions and get good and fast answers would be more appreciative...