Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

5505 ASA with Base license L2L & easy VPN capacity

Hi All,

I have couple of ezvpn hardware cleints ( ASA5505) clients connects to VPN3000 at central location.5505 got base license and basic ezvpn configs. Please see below..


Licensed features for this platform:

Maximum Physical Interfaces : 8

VLANs : 3, DMZ Restricted

Inside Hosts : 10

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

VPN Peers : 10

WebVPN Peers : 2

Dual ISPs :Disabled

VLAN Trunk Ports : 0

This platform has a Base license.

EZVPN client config:

vpnclient server

vpnclient mode network-extension-mode

vpnclient nem-st-autoconnect

vpnclient vpngroup HOME password ***

vpnclient username user1 password ***

vpnclient enable


Now with the above license and running with ezvpn, will the ASAs support L2L tunnel in between 2 client sites, so that the client networks can speak directly..? or is it recomended to go with 'hairpin' vpn.

Thank you


  • VPN

Re: 5505 ASA with Base license L2L & easy VPN capacity

both works

if u have a static public IP for each ASA and vpn3000 u can do it L2L between all of them

if the bandwdith on the central site enoguh 'hairpin' good choice as well to make each ASA has one L2L tunnel and the vpn3000 will do the 'hairpin'

if u dont have public IPs for the ASAs u may do it like what u have done

if helpful Rate

Re: 5505 ASA with Base license L2L & easy VPN capacity

Great.Thank you. What if both cliet sites getting DHCP assigned IP from local carrier.. then as you recomended 'hairpin' is the choice..?

Thank you


Re: 5505 ASA with Base license L2L & easy VPN capacity

if both geting IPs from DHCP then no static IP in the case both of ASAs needs to be ezvpn clients to the vpn3000 and after they connect u they can comunicate through 'hairpin'

good luck

if helpful Rate

This widget could not be displayed.