Layer2 site2site(asa)

stimpy182
Level 1

Dear,

For a customer setup we are trying to configure a site-to-site VPN with an ASA5505 and an ASA5520.

Both sides need to be in the same subnet, so it will be a Layer2 VPN (bridge).

I've looked around but can't seem to find anything about it. Does anybody have experience with this or an example?

I have 2 ASA5505 firewalls here on my desk to test the VPN connection.

PS: I know it's better to route the traffic instead of bridging the traffic, but it's only as a backup line, so no production will be going over the line.

4 Replies

Jennifer Halim
Cisco Employee

This is not a supported configuration on the ASA.

If you really need L2, then you have to deploy two routers (one on each site) and configure an IPSec/GRE-Tunnel between them. There you can bridge your traffic.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

stimpy182
Level 1

If I read around, it says it's possible to make an L2TP tunnel, but I can't find it site-to-site.

So it's not possible with the ASA, but with a regular router it would be possible?

PS: it's not supported, or it's not possible ;-)? Because it would only be as a backup line (max. 4h SLA).

There will be a Layer-2 tunnel provided by the provider, but they want a backup over the internet when the line is down.

It is not possible

ASA does not support L2TP client configuration, so you can't have L2TP between 2 ASAs.
