Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
819
Views
0
Helpful
4
Replies

Cisco IOS router to ASA Anyconnect configuration

Go to solution
Albert Wong
Level 1
Level 1

‎06-18-2013 08:12 PM - edited ‎02-21-2020 06:58 PM

Hello,

               Could someone give me some pointers whether I can use a Cisco 1812 to login to a Cisco ASA5512X using Anyconnect. The issue we have is that some of the remote offices can't be given fixed IP addresses...

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎06-19-2013 12:46 AM

AnyConnect can't be used as it's only a software-client-solution and not integrated into IOS like the EzVPN-client.

You can use the already proposed dynamic crypto maps on the ASA with a standard crypto map on the router, or you configure EzVPN remote on the router and EzVPN server on the ASA:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_esyvpn/configuration/15-mt/sec-easy-vpn-rem.html

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_remote_access.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
4 Replies 4

Go to solution
czaja0000
Level 1
Level 1

‎06-19-2013 12:40 AM

Hi,

Maybe this idea will be helpfully.

Check this documentation:

Dynamic IPsec Tunnel Between a Statically Addressed ASA and a Dynamically Addressed Cisco IOS Router

This is a sample how to configure the ASA to accept dynamic IPsec connections from the Cisco router.

Remember, in this scenario L2L tunnel establishes only when the tunnel is initiated from the router !!

________________
Best regards,
MB

________________ Best regards, MB
0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎06-19-2013 12:46 AM

AnyConnect can't be used as it's only a software-client-solution and not integrated into IOS like the EzVPN-client.

You can use the already proposed dynamic crypto maps on the ASA with a standard crypto map on the router, or you configure EzVPN remote on the router and EzVPN server on the ASA:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_esyvpn/configuration/15-mt/sec-easy-vpn-rem.html

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_remote_access.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
Albert Wong
Level 1
Level 1
In response to Karsten Iwen

‎07-12-2013 08:31 AM

karsen,

               I got it working but I only got an IP address for within the VPN Pool of IPs. The configuration was a breeze and EZVPN is one of the best documented part of all the Cisco VPN technology.

Having said that I don't have it clear how I do create a site to site VPN with EZVPN

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Albert Wong

‎07-12-2013 09:39 AM

Well, EzVPN is also a Remote-Access technology, so you don't configure site-to-site VPNs. But you can achieve something similar:

Your router is still the EzVPN client and initiates the connection. In the ezvpn-client config you have to change the mode from client (which is the default) to network-extension. With that, the router won't request an IP through mode-config. Instead your local LAN IPs can communicate transparently through the tunnel.

In addition to that change on the client, you have to add the option to allow network-extention-mode in the corresponding group-policy of your EzVPN server (the ASA).

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents