Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5505 easy vpn client

I currently have an ASA5520 and about 15 5505s set up with site to site vpn connections. A few of the 5505 are connected via cable modems and their IPs change without notice. There is too much of a hassle to get static IPs. So i've been looking into the Easy vpn client for the 5505s. I got it to work for "client" but when i set it to Network Extension Mode, i can't get to any devices at the central site. Seems like a routing issue but i can't be for sure. Any suggestions?

edit: I'd also like to add that the 5505 i tested easy vpn on use to be connected with a site to site. i deleted the site to site config from the 5505 but not the 5520.

joe Bronze

Re: ASA5505 easy vpn client

Does the central site routers behind the ASA know about the remote site subnets (being learned in network extension mode)?

The routers behind the ASA should have a route towards the ASA for these subnets...

Please post configs (with out passwords)

and the output of "show crypto ipsec sa" from the ASA and at least one 5505 that is not reachable.



New Member

Re: ASA5505 easy vpn client

Ok, that makes sense. My core switch needs a route to the remote network. I didn't need any routes before because i was using Site to Sites. Let me try this first.