Connecting a L3 Cisco switch behind a 871 using easyvpn

roquette
Level 1

Hello,

It is our habit to use easyvpn on 871 routers in order to connect our remote sites to our ASA 5500 VPN concentrators.

It runs well, we define vlans on the 871 and connect L2 Cisco switches behind the VPN routers.

Problem is that we have now to connect L3 Cisco switches behind the VPN routers and so we're facing routing issues ...

No way to make it run for all the VLANs defined on the L3 core switch!

I guess we have to use a specific configuration (IRB ?).

Or do we have to use IPSEC L2L instead of the easyvpn ?

Thanks for your kind help.

Cordially

Patrick Letendart


4 Replies

Marcin Latosiewicz
Cisco Employee

Patrick,

Lan-to-Lan landing on dynamic crypto map on ASA would be the easiest "L3" solution. Minimum reconfiguration on ASA - problem would be with PSK being the same .... and no xauth.

Proper Lan-to-lan - depending on how many sites you have (and their config) might get your config much bigger.

IRB on the L3 switch would be indeed a possibility, but from there we basically defeat the purpose of L3 on the L3 switch ;-)

Depending on the switch vendor/capabilities NAT might be an option there? (kind of dirty, but in theory would allow you to initiate traffic both ways - unless you go for PAT).

(Not tested, and requiring change of hardware on headend) DVTI solution on both ends of ezvpn - of course ASA does not support it - it would have to be a router.

I think I covered the majority of things popping into my head on such short notice.

Marcin
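The first option above (a LAN-to-LAN tunnel landing on a dynamic crypto map, with the shared-PSK and no-Xauth trade-off) looks roughly like this on the ASA side. This is an added illustration, not configuration from this thread or from Cisco; it assumes ASA 8.0-8.2 CLI syntax, a constructed key and constructed RFC 1918 address ranges, and that the remote router builds a matching tunnel whose crypto ACL lists every VLAN subnet behind the L3 switch.

```text
! --- ASA headend: accept L2L tunnels from peers whose address is not known in advance ---
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Dynamic map: no "set peer", so any peer presenting the right PSK can negotiate.
crypto dynamic-map DYN-L2L 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-L2L
crypto map OUTSIDE-MAP interface outside

! Unknown L2L peers fall into DefaultL2LGroup, so ONE pre-shared key covers every
! remote site (the "PSK being the same" caveat). Xauth is not available for L2L,
! so possession of this key is the whole authentication; rotate it and keep it
! out of templates that are copied around.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key REPLACE-WITH-LONG-RANDOM-KEY

! Let decrypted traffic bypass the outside interface ACL (optional; otherwise
! permit the remote VLAN subnets explicitly on the outside interface).
sysopt connection permit-vpn

! NAT exemption (pre-8.3 syntax) for HQ -> all remote-site VLAN subnets.
! Each new VLAN on the remote L3 switch must also be added to the remote
! router's crypto ACL and mirrored here, or its traffic is silently NATed/dropped.
access-list NONAT extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
```

Once a site's public address is fixed, moving it to its own `tunnel-group <peer-ip> type ipsec-l2l` with a distinct key limits the blast radius of the shared DefaultL2LGroup key; `show crypto isakmp sa` and `show crypto ipsec sa` on the ASA confirm which subnets actually negotiated.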

Hi Marcin

Thanks for your quick answer.

It seems to be beyond any doubt now: we have to test a LAN-to-LAN configuration.

I found the following link as a sample to implement a L2L between an ASA and a PIX, what do you think about it? A good one?

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805e8c80.shtml

I really appreciate your help, thanks again

Patrick

Patrick,

It will definitely get you started.

You might want to google a bit more for this.

Someone posted this on the forums, but I think you might want to ask them:

https://supportforums.cisco.com/docs/DOC-3066;jsessionid=444194CDE250004E116705FF0ADAD955.node0

Hope this helps.

Marcin

edit: Many things depend on whether you're using NEM and if you plan on using it. If you stumble into any questions - post them here.

Really many thanks.

I'm looking for the solution with the tips you gave me.

I'll summarize what we'll implement in order to complete this discussion.

bye, Patrick
