ASA 5510 as Easy VPN client (NEM) with multiple networks

melchib · ‎01-02-2007

Hi, I was wondering if it's possible to use the easy vpn client on an asa 5510, and I want 3 networks behind the asa to be able to send traffic thru the tunnel.

Here is what the Network would look like:

VPN 3005 (server) - Internet - ASA 5510 - switch/router - 3 networks.

So, I have 3 networks I want extended to the remote site (10.10.1.0/24, 10.20.1.0/24, 10.30.1.0/24). The ASA 5510's inside would be on 10.10.1.0 connected to a router/switch on the same network. The router/switch would also have two other networks hanging off of it - 10.20.1.0 and 10.30.1.0.

Could those networks also be part of the vpn tunnel when using Easy VPN? Is there any sample config I could look at that shows this scenario?

Thanks!

Brad

aghaznavi · ‎01-09-2007

The ASA 5505 Easy VPN supports hardware client feature parity with the Cisco VPN 3002 and the PIX 501 and PIX 506. These features include:

Client Mode (also called Port Address Translation) and Network Extension Mode.

Client Mode?Hides the IP addresses of devices on the ASA 5505 private network, so that all traffic from the ASA 5505 private network arrives on the private network of the central-site security appliance with a single-source, assigned IP address. You cannot ping or access a device on the ASA 5505 private network from the central site, but you can access the assigned IP address.

?Network Extension Mode?Permits devices behind the security appliance to have direct access to devices on the ASA 5505 private network only through the tunnel. You can ping or access a device on the ASA 5505 network from the central site.