Layer2 site2site(asa)

Answered Question
Sep 11th, 2012

Dear,

For a customer setup we are trying to configure a site-to-site VPN with an ASA5505 and an ASA5520.

Both sides need to be in the same subnet, so it will be a Layer 2 VPN (bridge).

I've looked around but can't seem to find anything about it. Does anybody have experience with this or an example?

I have 2 ASA5505 firewalls here on my desk to test the VPN connection.

PS: I know it's better to route the traffic instead of bridging it, but it's only a backup line, so no production will be going over the line.


Correct Answer
Karsten Iwen Tue, 09/11/2012 - 00:37

If you really need L2, then you have to deploy two routers (one on each site) and configure an IPSec/GRE-Tunnel between them. There you can bridge your traffic.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

stimpy182 Tue, 09/11/2012 - 00:40

If I read around, it says it's possible to make an L2TP tunnel, but I can't find it site-to-site.

So it's not possible with the ASA, but with a regular router it would be possible?

PS: it's not supported or it's not possible ;-) Because it would only be a backup line (max. 4h SLA).

There will be a Layer-2 tunnel provided by the provider, but they want a backup over the internet when the line is down.

Correct Answer
Jennifer Halim Tue, 09/11/2012 - 00:43

It is not possible

ASA does not support L2TP client configuration, so you can't have L2TP between 2 ASAs.

This Discussion

Posted September 11, 2012 at 12:21 AM
Updated September 11, 2012 at 12:22 AM