02-01-2011 07:40 AM
Hi,
I want configure a ASA 5505 with software 7.2(4) and license Dual ISPs and when I configure two interfaces with security level 0 in two interfaces and enable vpnclient the follow message appear:
ERROR: Unable to determine Easy VPN Remote internal and external interfaces: multiple interfaces with the same security levels.
configuration vpnlclient above:
vpnclient server x.x.x.x x.x.x.x
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup TUNNEL_EZVPN_TUNNELSPEC password ********
vpnclient username usr_ezvpn_tunnelspec password ********
vpnclient enable
interfaces:
interface Vlan200
nameif outside1
security-level 0
ip address x.x.x.x 255.255.255.252
!
interface Vlan300
nameif outside2
security-level 1
ip address x.x.x.x 255.255.255.128
!
sla monitor to routing:
sla monitor 100
type echo protocol ipIcmpEcho 200.221.2.45 interface outside1
num-packets 5
frequency 30
sla monitor schedule 100 life forever start-time now
sla monitor 200
type echo protocol ipIcmpEcho 200.154.56.80 interface outside2
num-packets 5
frequency 30
sla monitor schedule 200 life forever start-time now
sla monitor 300
type echo protocol ipIcmpEcho 4.2.2.1 interface outside1
num-packets 5
frequency 30
sla monitor schedule 300 life forever start-time now
sla monitor 400
type echo protocol ipIcmpEcho 200.244.168.149 interface outside1
num-packets 5
timeout 3000
threshold 3000
frequency 30
sla monitor schedule 400 life forever start-time now
Tracking:
!
track 1 rtr 400 reachability
!
track 2 rtr 200 reachability
!
routes:
route outside1 0.0.0.0 0.0.0.0 x.x.x.x 100 track 1
route outside2 0.0.0.0 0.0.0.0 x.x.x.x 200 track 2
The track is working normal.
Regards!
Solved! Go to Solution.
02-01-2011 08:32 AM
Try using the "backup interface" command on the secondary ISP interface.
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/b_72.html#wp1338585
You will need to increase the security level to 1 for this interface.
By default, EasyVPN will use the highest security level as inside and lowest as outside. Anything in between will need to be manually set. I'm assuming you have an inside vlan defined but not added to the posted config.
02-01-2011 08:32 AM
Try using the "backup interface" command on the secondary ISP interface.
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/b_72.html#wp1338585
You will need to increase the security level to 1 for this interface.
By default, EasyVPN will use the highest security level as inside and lowest as outside. Anything in between will need to be manually set. I'm assuming you have an inside vlan defined but not added to the posted config.
02-01-2011 09:37 AM
cool its working now!
tks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide