Cisco Support Community

Home Office VPN (ASA5505) to HQ

I have an ASA 5505 (8.2.1) at a remote home. The ASA will connect to the HQ VPN Con 3030. The home office will have an IP phone and the user's laptop. I have successfully set up Easy VPN. I have defined ports 6 and 7 to be a part of VLAN 1. VLAN 1 routes across the tunnel to HQ. The other ports (1-5) are assigned to another VLAN and route directly to the Internet.

How do I ensure only my company systems (IP phone and laptop) connect to the ASA and the company network?

This is what I have so far

vpnclient server x.x.x.x
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup <group name> password ********
vpnclient username <username> password ********
vpnclient mac-exempt 000b.4600.0000 ffff.ff00.0000
vpnclient enable

I would like to use something like port security (doesn't appear to be an option), 802.1x (doesn't appear to be an option) or xauth (haven't been able to get it to work).

Ideas?

1 REPLY

Re: Home Office VPN (ASA5505) to HQ

Hi,

Not sure if this helps you. I have a similar kind of setup for a few of our managers, and we use a Base license ASA. So the 3rd VLAN needs the command "no forward interface vlan1", so it goes only to the Internet and there is no way they can communicate with enterprise resources.

hth

MS
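
A check for the port split discussed in this thread, as an added example that is not part of either post: it parses a constructed running-config excerpt and reports any switch port left in the tunneled VLAN 1, plus a missing "no forward interface" restriction on the home VLAN. The interface names Ethernet0/6 and Ethernet0/7, VLAN 3 as the home VLAN, and all function names are assumptions.

```python
import re

# Constructed excerpt of "show running-config" (not from the thread).
SAMPLE_CONFIG = """\
interface Vlan3
 no forward interface Vlan1
 nameif home
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
interface Ethernet0/2
!
interface Ethernet0/6
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip().lower())
        else:
            current = None
    return interfaces

def audit(config, corp_vlan=1, home_vlan=3, corp_ports=("Ethernet0/6", "Ethernet0/7")):
    """Return findings where home devices could reach the tunneled VLAN."""
    interfaces = parse_interfaces(config)
    findings = []
    for name, cmds in interfaces.items():
        if not name.startswith("Ethernet"):
            continue
        vlan = 1  # no "switchport access vlan" line: the port is in default VLAN 1
        for cmd in cmds:
            match = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            vlan = int(match.group(1)) if match else vlan
        if vlan == corp_vlan and name not in corp_ports:
            findings.append(f"{name} is in tunneled VLAN {corp_vlan}")
    home_cmds = interfaces.get(f"Vlan{home_vlan}", [])
    if f"no forward interface vlan{corp_vlan}" not in home_cmds:
        findings.append(f"Vlan{home_vlan} lacks 'no forward interface vlan{corp_vlan}'")
    return findings
```

On the sample, Ethernet0/2 is flagged because it has no explicit VLAN assignment and therefore sits in VLAN 1 alongside the tunneled ports.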
