Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
550
Views
5
Helpful
5
Replies

easy vpn or equivalent

adamgibs7
Level 6
Level 6

‎05-15-2019 09:19 AM

Dear Experts

 

if i am not wrong in Cisco we have a below vpn

 

IPSEC vpn ( point to point)

DMVPN

EZVPN

AnyConnect VPN for remote users

 

I have a 13 sites including 12 sites, on 12 small sites they have ADSL connection and in HO they have static ( my guess) so i can propose them easy vpn solution for their ADSL connection whenever their public  IP change they will form the vpn to HO.

 

will this solution will work.

Thanks 

Labels:
0 Helpful
5 Replies 5

Rob Ingram
VIP
VIP

‎05-15-2019 09:26 AM

Hi,
What hardware are you planning to use ASA or IOS Router?

- DMVPN/FlexVPN Site-to-Site VPN are supported on IOS Routers
- Dynamic/Static Crypto Map and VTI are supported on ASA

I'd personally use an IOS Router with either DMVPN or FlexVPN, this allows dynamic spoke-to-spoke tunnels to be established. As long as the Hub router has a static IP address the spoke routers, can have a dynamic IP address and still establish a VPN tunnel.

You can use any AnyConnect Remote Access VPN on either ASA or IOS Router (FlexVPN).

HTH

adamgibs7
Level 6
Level 6
In response to Rob Ingram

‎05-15-2019 12:59 PM

Dear RJI

i m preferring to provide ASA firewall which will do the IPS/malware/url functionality also for internet traffic , so on ASA 550X with firepower services, easy vpn can be configured with PPOE configuration but they don't have a small RJ11 interface as such routers have for ADSL connection which connects to telephone line, so in such case i have to approach ISP for the interface connection,

https://www.cisco.com/c/en/us/td/docs/security/asa/asa912/configuration/vpn/asa-912-vpn-config/vpn-easyvpn.html

 

Also i would like to know the DMVPN is supported in ASA/FTD firewall.

thanks 

0 Helpful

Rob Ingram
VIP
VIP
In response to adamgibs7

‎05-15-2019 01:18 PM

Ok sure if you want the IPS/malware functionality then I can see why you'd use the ASA.

ASA does NOT support DMVPN, routers only.
0 Helpful

adamgibs7
Level 6
Level 6
In response to Rob Ingram

‎05-15-2019 04:09 PM

Dear RJI,

 

As mentioned that PPOE connection from ASA will be through a RJ45 Ethernet interface, as if now the Branch router are having a RJ11 interface which are dialing through the line, so what i have to informed to the ISP when i moving to the Ethernet interface. do they will get some other device so that it can accept PPOE connection from my Ethernet interface,

Any hints please

 

thanks

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎05-15-2019 09:34 AM

Sure that solution works, as long as you do not have requirement remote to remote not required connection.

 

all connection go through the Hub

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card