cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4218
Views
0
Helpful
2
Replies

Configuring Easy VPN with multiple interface with same security level

Harrisson Braga
Level 1
Level 1

Hi,

   I want configure a ASA 5505 with software 7.2(4) and license Dual ISPs and when I configure two interfaces with security level 0 in two interfaces and enable vpnclient the follow message appear:

ERROR: Unable to determine Easy VPN Remote internal and external interfaces: multiple interfaces with the same security levels.

configuration vpnlclient above:

vpnclient server x.x.x.x x.x.x.x
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup TUNNEL_EZVPN_TUNNELSPEC password ********
vpnclient username usr_ezvpn_tunnelspec password ********
vpnclient enable

interfaces:

interface Vlan200
nameif outside1
security-level 0
ip address x.x.x.x 255.255.255.252
!
interface Vlan300
nameif outside2
security-level 1
ip address x.x.x.x 255.255.255.128
!

sla monitor to routing:

sla monitor 100
type echo protocol ipIcmpEcho 200.221.2.45 interface outside1
num-packets 5
frequency 30
sla monitor schedule 100 life forever start-time now
sla monitor 200
type echo protocol ipIcmpEcho 200.154.56.80 interface outside2
num-packets 5
frequency 30
sla monitor schedule 200 life forever start-time now
sla monitor 300
type echo protocol ipIcmpEcho 4.2.2.1 interface outside1
num-packets 5
frequency 30
sla monitor schedule 300 life forever start-time now
sla monitor 400
type echo protocol ipIcmpEcho 200.244.168.149 interface outside1
num-packets 5
timeout 3000
threshold 3000
frequency 30
sla monitor schedule 400 life forever start-time now

Tracking:

!
track 1 rtr 400 reachability
!
track 2 rtr 200 reachability
!

routes:

route outside1 0.0.0.0 0.0.0.0 x.x.x.x 100 track 1
route outside2 0.0.0.0 0.0.0.0 x.x.x.x 200 track 2

         The track is working normal.

Regards!

1 Accepted Solution

Accepted Solutions

Try using the "backup interface" command on the secondary ISP interface.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/b_72.html#wp1338585

You will need to increase the security level to 1 for this interface.

By default, EasyVPN will use the highest security level as inside and lowest as outside.  Anything in between will need to be manually set.  I'm assuming you have an inside vlan defined but not added to the posted config.

View solution in original post

2 Replies 2

Try using the "backup interface" command on the secondary ISP interface.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/b_72.html#wp1338585

You will need to increase the security level to 1 for this interface.

By default, EasyVPN will use the highest security level as inside and lowest as outside.  Anything in between will need to be manually set.  I'm assuming you have an inside vlan defined but not added to the posted config.

cool its working now!

tks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: