Re: EZ vpn alternative

Kima-25 · ‎07-07-2023

Hello,

I'm working on a project for a customer who has ASA firewalls at headquarters and remote sites with Internet access.
The sites doesn't have a fixed public IP address, can't set up IPsec with the firewalls at headquarters, so he's using the proprietary Cisco EZ VPN protocol (which is enf of life).
my question is, if we propose a sdwan meraki solution, can we set up VPN tunnels even if we don't have fixed IP addresses on the remote sites?

thanks for your help

Aref Alsouqi · ‎07-07-2023

If initiating the site to site tunnels only from the branches towards the HQ ASA would be an acceptable solution, then I think you can do something like this:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119007-config-asa9x-ike-ipsec-00.html

Kima-25 · ‎07-07-2023

hello @Aref Alsouqi ,

Thanks for your reply, but I don't have ASA on the remote sites. I only have a Cisco 800 router.

MHM Cisco World · ‎07-07-2023

ASA and Router

Best solution is flexvpn.

But can you elaborate more about sd-wan.

Thanks

Aref Alsouqi · ‎07-07-2023

You are welcome. You can still do the same with the routers. On the ASA you configure the site to site as per the link I shared in the static peer section, and on the routers you configure the site to site tunnels as normal, that should work.