Cisco Support Community
New Member

VPN ASA Headend to ASA5505 remote End on Customer LAN

Hi Guys,

I'm wondering if you can point me in the right direction. We have a requirement from the business to print labels from our AS400 mainframe via some of our partners' sites. These are fairly small partners that tend to generally have a standard broadband connection with a router connected. Their IT knowledge is limited and we are looking to implement a sort of plug-and-play solution into the current infrastructure. So what we would like to do is install an ASA directly onto their LAN, which has internet access but no public IP assigned, and create effectively a VPN tunnel back to our ASA at HQ. I have attached a quick drawing. Can you confirm if this is possible and the best way to achieve it?

5 REPLIES
New Member (accepted solution)

Yep this is possible. You can configure the 5505 to use ezvpn (vpnclient). Configure the group-policy to tunnel all traffic.

http://www.jump.net.uk/blog-cisco-easy-vpn-on-asa

New Member

Thanks for your assistance, I've got it all up and running now. Just one final question: now it's up and running, the only thing I do not seem to be able to do is ping the LAN interface of the ASA on the remote end. I can see the HQ firewall sending packets but do not see anything in return, and on the remote side I see nothing in the logs.

New Member (accepted solution)

That's great. Is the problem that you cannot ping just the LAN interface or can you not ping any host on the remote end at all?

You'll at least need to set the mode to "network-extension-mode". You might need firewall rules to allow the traffic. You also might need to set "management-access" to your inside interface.

New Member

It was me, forgot to assign the management-access. Everything is working great. Thanks for your help.

New Member

Awesome

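
The settings named in the replies above (Easy VPN client on the 5505, a tunnel-all group policy, network-extension-mode, management-access), put together as an added example that is not from any poster in this thread. It assumes ASA 8.4+ syntax and an IKEv1 policy and dynamic crypto map already in place on the headend; the group name, username, addresses and bracketed secrets are constructed placeholders.

```cisco
! ===== Headend ASA at HQ (Easy VPN server side) =====
! Group policy: send all remote traffic through the tunnel and
! allow the remote unit to connect in network-extension-mode.
group-policy PARTNER-EZVPN internal
group-policy PARTNER-EZVPN attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelall
 nem enable
!
tunnel-group PARTNER-EZVPN type remote-access
tunnel-group PARTNER-EZVPN general-attributes
 default-group-policy PARTNER-EZVPN
tunnel-group PARTNER-EZVPN ipsec-attributes
 ikev1 pre-shared-key <GROUP-KEY>
!
! One account per partner site, so a single site can be revoked
! without re-keying the others.
username partner-site1 password <USER-PASSWORD>
username partner-site1 attributes
 vpn-group-policy PARTNER-EZVPN
!
! ===== Remote ASA 5505 on the partner LAN (Easy VPN client) =====
! 203.0.113.10 stands in for the HQ ASA's public address (constructed).
! The 5505 initiates outbound, so no public IP is needed at the partner.
vpnclient server 203.0.113.10
vpnclient mode network-extension-mode
vpnclient vpngroup PARTNER-EZVPN password <GROUP-KEY>
vpnclient username partner-site1 password <USER-PASSWORD>
vpnclient enable
!
! Without this, the inside interface does not answer ping or
! management traffic that arrives through the tunnel.
management-access inside
!
! Limit ICMP to the inside interface to the HQ subnet only
! (10.10.0.0/16 is a constructed example range).
icmp permit 10.10.0.0 255.255.0.0 inside
```

On the 5505, `show vpnclient` reports the Easy VPN client configuration and tunnel state, and `show crypto ipsec sa` on either end shows whether packets are being encrypted and decrypted in both directions.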