You need an affordable solution to connect multiple locations with dynamic IPs to a central VPN server.
FlexVPN/DMVPN would solve this, but central IOS routers are expensive and offer only a limited HA solution. You would need an HSEC license to go above 85 Mbit and 225 tunnels. Firewall management via the CLI is also a mess.
If the locations have dynamic IPs (e.g. with 4G) and you don't want to use certificates, you have to use PSKs. The downside is that every peer then has to use the same PSK, because they all match DefaultL2LGroup. To avoid this, we create IKEv2 tunnel groups and set the ISAKMP ID on the clients to the name of the tunnel group.
The ASA (esp. the 5515-X) is quite affordable and handles multiple tunnels with high throughput. It also offers really good HA with Active/Standby failover, including stateful IPsec failover. On the downside, it doesn't support FlexVPN, so the configuration on the routers is quite big.
On the client side we use 880 branch routers, which support all the needed features.
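To check that an ASA actually follows the per-peer PSK scheme described above, this added example (not part of the original post) parses tunnel-group configuration and flags a PSK on DefaultL2LGroup or a remote PSK reused across groups. It assumes the configuration was exported with keys in clear text; the group names and keys in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample config; group names and keys are made-up placeholders.
SAMPLE_CONFIG = """\
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev2 remote-authentication pre-shared-key SharedKey-EXAMPLE
tunnel-group BRANCH01 type ipsec-l2l
tunnel-group BRANCH01 ipsec-attributes
 ikev2 remote-authentication pre-shared-key Branch01-EXAMPLE
 ikev2 local-authentication pre-shared-key AsaLocal-EXAMPLE
tunnel-group BRANCH02 type ipsec-l2l
tunnel-group BRANCH02 ipsec-attributes
 ikev2 remote-authentication pre-shared-key Branch01-EXAMPLE
 ikev2 local-authentication pre-shared-key AsaLocal-EXAMPLE
tunnel-group BRANCH03 type ipsec-l2l
tunnel-group BRANCH03 ipsec-attributes
 ikev2 remote-authentication pre-shared-key Branch03-EXAMPLE
 ikev2 local-authentication pre-shared-key AsaLocal-EXAMPLE
"""

GROUP_RE = re.compile(r"^tunnel-group (\S+) ipsec-attributes\s*$")
PSK_RE = re.compile(r"^\s+ikev2 remote-authentication pre-shared-key (\S+)\s*$")

def remote_psks(config):
    """Map tunnel-group name -> PSK the remote peer must present."""
    psks, group = {}, None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            group = m.group(1)
        elif not line.startswith(" "):
            group = None  # left the ipsec-attributes sub-mode
        elif group and (k := PSK_RE.match(line)):
            psks[group] = k.group(1)
    return psks

def audit(config):
    """Flag a PSK on the catch-all group and remote PSKs reused across groups."""
    psks = remote_psks(config)
    findings = []
    if "DefaultL2LGroup" in psks:
        findings.append("DefaultL2LGroup has a PSK: every unmatched peer shares it")
    by_key = defaultdict(list)
    for name, key in psks.items():
        by_key[key].append(name)
    findings += ["same remote PSK on: " + ", ".join(sorted(names))
                 for names in by_key.values() if len(names) > 1]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the DefaultL2LGroup key and the key shared by BRANCH01 and BRANCH02; a configuration with one distinct key per named tunnel group returns an empty list.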
On the ASA we configure the following (crypto parts only):
Specify the subnets:
access-list outside_cryptomap extended permit ip object OUR-NET object CLIENT-NET