Home Office VPN (ASA5505) to HQ

Unanswered Question
Aug 17th, 2009

I have an ASA 5505 (8.2.1) at a remote home. The ASA will connect to the HQ VPN Con 3030. The home office will have an IP phone and the user's laptop. I have successfully set up Easy VPN. I have defined ports 6 and 7 to be a part of VLAN 1. VLAN 1 routes across the tunnel to HQ. The other ports (1-5) are assigned to another VLAN and route directly to the Internet.

How do I ensure only my company systems (IP phone and laptop) connect to the ASA and the company network?

This is what I have so far:

vpnclient server x.x.x.x

vpnclient mode network-extension-mode

vpnclient nem-st-autoconnect

vpnclient vpngroup <group name> password ********

vpnclient username <username> password ********

vpnclient mac-exempt 000b.4600.0000 ffff.ff00.0000

vpnclient enable

I would like to use something like port security (doesn't appear to be an option), 802.1x (doesn't appear to be an option) or xauth (haven't been able to get it to work).


mvsheik123 Tue, 08/18/2009 - 07:03


Not sure if this helps you. I have a similar kind of setup for a few of our managers, and we use the Base license ASA. So the 3rd VLAN needs the command "no forward interface vlan1", which means it goes only to the Internet and there is no way they can communicate with enterprise resources.
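The VLAN split from the question and the "no forward interface vlan1" restriction from the reply can be checked against a saved running-config. The script below is an added example, not code from either poster; the sample config, the interface names, the `audit` function and the mapping of "port 6 and 7" to Ethernet0/6 and Ethernet0/7 are all constructed assumptions.

```python
import re

# Constructed sample (not from the thread): Vlan1 is the tunnelled company
# VLAN, Vlan2 the Internet uplink, Vlan3 the home VLAN the reply describes.
SAMPLE = """\
interface Vlan1
 nameif inside
!
interface Vlan2
 nameif outside
!
interface Vlan3
 no forward interface Vlan1
 nameif home
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
interface Ethernet0/6
!
interface Ethernet0/7
"""

def audit(config, tunnel_vlan=1, uplink="outside"):
    """Return (switch ports in the tunnelled VLAN, VLANs not barred from it)."""
    vlans, ports, kind, key = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface Vlan(\d+)", line):
            kind, key = "vlan", int(m[1])
            vlans[key] = {"nameif": None, "no_forward": set()}
        elif m := re.fullmatch(r"interface (Ethernet\S+)", line):
            kind, key = "port", m[1]
            ports[key] = 1  # assumption: no switchport line means VLAN 1
        elif not raw.startswith(" "):
            kind = None  # "!" or another top-level command ends the block
        elif kind == "vlan" and (m := re.fullmatch(r"nameif (\S+)", line)):
            vlans[key]["nameif"] = m[1]
        elif kind == "vlan" and (m := re.fullmatch(r"(?i)no forward interface vlan(\d+)", line)):
            vlans[key]["no_forward"].add(int(m[1]))
        elif kind == "port" and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            ports[key] = int(m[1])
    company_ports = sorted(p for p, v in ports.items() if v == tunnel_vlan)
    unrestricted = sorted(v for v, d in vlans.items() if v != tunnel_vlan
                          and d["nameif"] != uplink and tunnel_vlan not in d["no_forward"])
    return company_ports, unrestricted
```

The first list is every switch port that lands a device in the tunnelled VLAN, so it should contain only the ports meant for the IP phone and laptop; the second should be empty.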



