11-05-2014 01:39 AM - edited 03-05-2019 12:06 AM
Hi Guys,
I'm wondering if you can point me in the right direction. We have a requirement from the business to print labels from our AS400 mainframe via some of our partners' sites. These are fairly small partners that generally have a standard broadband connection with a router connected. Their IT knowledge is limited, and we are looking to implement a sort of plug-and-play solution into the current infrastructure. So what we would like to do is install an ASA directly onto their LAN, which has internet access but no public IP assigned, and effectively create a VPN tunnel back to our ASA at HQ. I have attached a quick drawing; can you confirm if this is possible and the best way to achieve it?
11-05-2014 04:52 PM
Yep this is possible. You can configure the 5505 to use ezvpn (vpnclient). Configure the group-policy to tunnel all traffic.
http://www.jump.net.uk/blog-cisco-easy-vpn-on-asa
11-06-2014 06:07 AM
Thanks for your assistance, I've got it all up and running now. Just one final question: now that it's up and running, the only thing I do not seem to be able to do is ping the LAN interface of the ASA on the remote end. I can see the HQ firewall sending packets but do not see anything in return, and on the remote side I see nothing in the logs.
11-06-2014 10:14 AM
That's great. Is the problem that you cannot ping just the LAN interface or can you not ping any host on the remote end at all?
You'll at least need to set the mode to "network-extension-mode". You might need firewall rules to allow the traffic. You also might need to set "management-access" to your inside interface.
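A configuration sketch of the settings named in the reply above, added here as an illustration and not taken from the thread or from either poster's devices. It assumes ASA 8.4+ syntax; the group name, credentials, peer address (203.0.113.10) and HQ management subnet (10.10.0.0/24) are placeholders.

```cisco
! --- Remote ASA 5505 (Easy VPN hardware client behind the partner's router) ---
! All names, addresses and secrets below are constructed placeholders.

! HQ ASA public address that the client dials out to
vpnclient server 203.0.113.10

! Network extension mode: the partner LAN is reachable from HQ by its
! real addresses instead of being hidden behind PAT (client mode)
vpnclient mode network-extension-mode

! Group name and pre-shared key must match the tunnel-group on the HQ ASA
vpnclient vpngroup EZVPN-PARTNER password <group-pre-shared-key>
vpnclient username partner-site1 password <xauth-password>
vpnclient enable

! Lets traffic arriving through the tunnel reach the inside interface
! itself (ping, SSH, ASDM). Without it the inside address stays silent
! to HQ even though hosts behind it respond.
management-access inside

! Limit SSH to the inside interface to the HQ management subnet only
ssh 10.10.0.0 255.255.255.0 inside

! --- HQ ASA (Easy VPN server), group-policy portion only ---
group-policy EZVPN-PARTNER internal
group-policy EZVPN-PARTNER attributes
 vpn-tunnel-protocol ikev1
 ! Send all client traffic through the tunnel, as suggested in the thread
 split-tunnel-policy tunnelall
 ! Permit hardware clients to connect in network extension mode
 nem enable
 ! Allow the hardware client to store its XAUTH credentials
 password-storage enable
```

The HQ side also needs a matching remote-access tunnel-group, IKEv1 policy and dynamic crypto map, which are omitted here. After the tunnel comes up, `show vpnclient` on the 5505 and `show vpn-sessiondb` on the HQ ASA confirm the negotiated mode and session.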
11-07-2014 04:00 AM
It was me, forgot to assign the management-access. Everything is working great. Thanks for your help.
11-07-2014 10:09 AM
Awesome