Hello, I'm trying to configure a bridge group for example:
ip address xx.xx.xx.xx xxx.xxx.xxx.x
But i also have easy VPN setup, so when i enter 'vpnclient enable' i get this message.
'Unable to determine Easy VPN Remote internal and external interfaces: multiple interfaces with the same security levels'
which is fair enough!!
but i want to know how to get around this issue, as I want to configure the port to effectively work as switchports but i cannot activate the VPN.
I did a research in Cisco internal database and I was able to find that this is a limitation on the ASA. There is an enhancement request already opened but I don’t know when there will be a fix.
According to Cisco database both 9.7 and 9.8 version codes are affected.
Please find below a direct link to the enhancements:
As a workaround you can configure a Site to Site with Dynamic peer in case your ASA has public IP address dynamic.
Looks like this is still an issue even with 9.10(1)22.
We have exhausted all of our 5505's being given out to home users and others who occasionally work from home. We are receiving requests to provide more and at this point, we have zero options. We tried the ISR1111 and those don't even do vpnclient, only server. I thought the 5506-x would be ok once we did the bridge-group to get around the routed interfaces, but now we are hitting this issue. this stinks, come on cisco!
@Noclss2000 I see no reason why the ISR1111 cannot be used for home users. Do you want to clarify your issue in more detail?
The 5506X series is now EOL, checkout the new Firepower 1000 series appliances this new hardware with FTD 6.5 code due for release later this year should also allow for switchport interfaces.