Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
481
Views
5
Helpful
2
Replies

CISCO ASA EASY VPN Issue

The_resurrected
Level 1
Level 1

‎01-10-2021 03:31 PM

Dear All , 

 

I have 2 ASA's one with static IP one with dynamic.
I want to create a S2S VPN , 

I use the EasyVPN on the one ASA to connect as a remote client ( in network extension mode) I took all steps , the 2 ASAs negotiate properly phase 1 and phase 2 BUT there is an issue with addressing of the remote ASA , and therefor causing issue of no internet connectivity on that ASA but VPN tunnel works as expected from both sides ( the remote to local and visa versa ) 

I will share some pictures from the monitoring port of the static IP ASA and I think the issue are the local address being all zeros .. 

I will redact some information for the sake of privacy

I hope you can help me clear this out because it is very very strange... ( it should had being a plug and play .. ) 

and the remote ASA is behind a NAT ( that's why I can't use the typical S2S VPN setup ) 

Thank you in advance 

And if there is a way to use IKEv2 with Easy VPN tell me I want to keep stuff as up to date and secure as possible .. 

Thank you 
please see attached 




Labels:
Preview file
673 KB
Preview file
679 KB
0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎01-10-2021 05:24 PM

Even so asa behind NAT you can deploy site to site .

0 Helpful

The_resurrected
Level 1
Level 1
In response to MHM Cisco World

‎01-10-2021 05:40 PM

Dear Sir , 

thank you for your answer , 

 

Yes of course you can deploy S2S VPN even if 1 of the 2 ASAs is behind NAT / or public IP 
Given that your "central" ASA has direct connection to the internet with routable public IP directly on the ethernet interface of the central ASA ...

But my question is pointing out the issue with the addressing ... if there is some sort of option I forgot to include .. 

 

Thank you 

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents