
ASA with EZVPN

rafik.harrar
Level 1

Hi,

I'm having trouble configuring EZVPN on an ASA5510.


EZVPN uses the local LAN as the source IP. Now, since the EZVPN is configured on the ASA, it will use its local port 2.2.2.1 as the source local LAN. The actual local network is behind a firewall and I need the tunnel to extend to the 10.10.10.10 network. Is there a way to extend the tunnel to use the 10.10.10.10 as the source LAN? And does anyone know how to do it via the GUI? I hope this makes sense.


Jennifer Halim
Cisco Employee

No, you can't extend the subnet to be encrypted through EZVPN tunnel to the subnet a few hops away from the ASA.

For EZVPN, it only supports one local interface subnet that has the highest security level configured on the ASA.

For what you want to do, it is best to configure site-to-site VPN tunnel instead.

Hi Jennifer,

Thanks for the reply. The customer doesn't support site-to-site VPN and they only use EZVPN for some security reason. Any other suggestions with ASA?

The only other solution would be to PAT/NAT the 10.10.10.10 subnet to an IP address within the 2.2.2.x subnet (whether it's the FW IP: 2.2.2.2, or any other IP address within the 2.2.2.x subnet).

That way, the 10.10.10.10 subnet can access the EZVPN tunnel.