Easy VPN Remote Enabled (Site 2 Site), Setup another tunnel?

Thomas_homeusr · ‎06-03-2018

In our company we have a ASA5505 connected to a branch office. This setup was done by the branch office's third party IT company.

They've used Easy VPN Remote for the setup. Now we temporary could use another tunnel from our office to my home server. (We're gonna use my server as a temporary backup for our fileserver.)

Is it possible to use the Wizard in ASDM to accomplish this without interfering with the already setup tunnel? Or if perhaps I manually set it up without changing any policys previously setup?

I'm asking this, because I get a warning in ASDM stating that EasyVPN Remote is enabled and policys etc. cannot be changed with this feature turned on.

On my end I'm gonna try use Softether, which should be able to connect to a cisco tunnel. (If this doesn't work I also own a 5505, which I currently don't use.)

Florin Barhala · ‎06-05-2018

I never tried but I think you'll run into issues. What Easy VPN does on the client, grabs all traffic and sends it over. Now if you build a new tunnel how can you "ask Easy VPN" to some kind of split tunneling and send all the traffic BUT some src_dst pair.

So if you really need the new tunnel I would clear the Easy VPN, build the tunnel then ack any leftover requirement.

Thomas_s · ‎06-05-2018

So, to not mess up the existing tunnel, the only alternative is to set up something else?

Or is it possible to connect another device to the same tunnel? And will will all networks be available on all three sites then?

Florin Barhala · ‎06-08-2018

You cannot connect another device to the same tunnel on the client side - your ASA acts as a client toward the Easy VPN Server.
I would suggest to keep things simpler and the config logic as well.