09-05-2014 03:12 AM
Good day all,
This is my network setup in one of our branch offices.
LAN ---- inside(192.168.44.1) ASA outside(10.103.1.159) ---- ISP
The ISP is doing NAT and gives us an IP via DHCP (PPPoE dial-in).
Now we want to set up the branch ASA to act as EZVPN client.
But when I add the config for example this one:
We lose Internet connectivity after the last command << vpnclient enable >>.
Problem is that we can only configure the ASA remotely.
Is this a normal behaviour for VPN client setup? I found nothing in the documentation?
Thanks for your feedback!
Brgds,
Markus
09-15-2014 09:22 AM
Did you enable split tunnel on the EZVPN server?
Also, you could use a dynamic site-to-site VPN configuration instead of EZVPN, as that would make configuration and troubleshooting much easier, and you will not lose Internet on the remote ASA, as the crypto ACLs will be defined locally and not pushed from the server.
09-15-2014 10:47 AM
If you don't want to or cannot configure split tunneling, then you will need to configure hairpinning on the EZVPN server for Internet traffic.
--
Please remember to select a correct answer and rate helpful posts
11-06-2014 12:23 AM
Hi Guys,
Still struggling with the EZVPN setup.
This is the setup at the moment.
LAN ---- inside-(192.168.44.1) ASA outside-(DHCP private IP) ---- (private IP)-ISP Router-(public IP)
The ISP blocks UDP/500 and UDP/4500, so there is no way to set up a site-2-site VPN via IPsec.
So we tried to set up the ASA5505 as EZVPN client and configured it to use TCP over IPsec, but without success. I think the problem is the private IP on our outside interface. Has anyone faced the same problem?
Thanks Markus