Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
3
Helpful
8
Replies

L2TP on ASA software image on FPR1150

Go to solution
KayaaKashyap
Level 1
Level 1

‎02-17-2025 06:08 AM

Hi Community, 

I am looking for step by step guide to configure L2TP VPN on FPR1150 with ASA image on it.

Also what will be prerequisite?

Is it only possible over IPsec VPN?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎02-17-2025 06:39 AM

@KayaaKashyap well the Cisco documents says the ASA supports L2TP for IKEv1/IPSec Remote Access VPN. However AnyConnect/Secure Client only supports IKEv2, not IKEv1. I assume you'd have to use the client OS built-in client (if supported).

https://www.cisco.com/c/en/us/td/docs/security/asa/asa922/configuration/vpn/asa-922-vpn-config/vpn-l2tp-ipsec.html?bookSearch=true

 

View solution in original post

8 Replies 8

Go to solution
Rob Ingram
VIP
VIP

‎02-17-2025 06:39 AM

@KayaaKashyap well the Cisco documents says the ASA supports L2TP for IKEv1/IPSec Remote Access VPN. However AnyConnect/Secure Client only supports IKEv2, not IKEv1. I assume you'd have to use the client OS built-in client (if supported).

https://www.cisco.com/c/en/us/td/docs/security/asa/asa922/configuration/vpn/asa-922-vpn-config/vpn-l2tp-ipsec.html?bookSearch=true

 

Go to solution
KayaaKashyap
Level 1
Level 1
In response to Rob Ingram

‎02-17-2025 09:53 AM

This is requirement to connect two remote sites with L2TP which are connected over Sdwan, is it feasible without Public IP? 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to KayaaKashyap

‎02-17-2025 09:58 AM

@KayaaKashyap perhaps run VXLAN between the switches at the two sites over the tunnel.

0 Helpful

Go to solution
KayaaKashyap
Level 1
Level 1
In response to Rob Ingram

‎02-17-2025 10:01 AM

As per our client requirements, VXLAN is not much secure and client is looking for L2TP only.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to KayaaKashyap

‎02-17-2025 10:05 AM

@KayaaKashyap if the sites communicate using SDWAN then the traffic is encrypted, so whether it's VXLAN or L2TP communication is secure. You could run L2TP or VXLAN on the switches and just tunnel over the SDWAN.

Go to solution
MHM Cisco World
VIP
VIP
In response to KayaaKashyap

‎02-17-2025 10:01 AM

I remember that we suggest to ypu vxlan.

Also why ypu want l2 tunnel between two site?

MHM

0 Helpful

Go to solution
KayaaKashyap
Level 1
Level 1
In response to MHM Cisco World

‎02-17-2025 10:05 AM

This is functionality testing on their Pilot sites.

They want to test all possible/feasible functionality to implement it as per requirements.

Go to solution
MHM Cisco World
VIP
VIP
In response to KayaaKashyap

‎02-17-2025 12:33 PM

Ok' are there any l3 device behind ASA' 

You can end l2tp vpn in this device and bypass traffic through ASA.

Only you need to open port for l2tp in asa' for bypass traffic.

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card