
Multiple EasyVPN Remote sites using NEM

dporod
Level 1

I am installing 2 ASA 5505s at home offices with dynamic IPs. The EasyVPN server is an ASA585x. I am using the 5505s in NEM mode. I configured a unique DHCP scope on each 5505. I have a dynamic crypto map on the server. I configured unique tunnel groups, group policies and usernames for each site on the server.

This seems to work fine.

Is it normal to configure unique tunnel groups, group policies and usernames for each remote site? 

2 Replies

Hi,

I would say yes, since you have full control over each connection profile and group-policy. Usually one single connection profile and group-policy represent one single point of failure.

You could use the same username as long as you allow enough simultaneous logins with the "vpn-simultaneous-login" command under the group-policy settings.

Portu.

Please rate any helpful posts

olpeleri
Cisco Employee

Hello,

You can either have one group for all sites or one group per site.

Having one group makes more sense if you have common group-policies.

For usernames, it's better to have one per site [to avoid having to change all routers' passwords if that user/pass gets leaked]

Cheers,
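
The per-site layout discussed in this thread, sketched as an added server-side example (not configuration posted by any participant). It assumes ASA 8.4 or later syntax, where the group key command is `ikev1 pre-shared-key` (earlier releases use `pre-shared-key`); the names `SITE1-*`, `SITE2-*`, `site1`, `site2` and all secrets are placeholders. The `group-lock` lines go beyond what the thread mentions: they bind each username to its own tunnel group, so a leaked credential cannot be used through another site's profile.

```cisco
! Constructed example: all names and secrets below are placeholders.
!
! --- Site 1 ---
group-policy SITE1-GP internal
group-policy SITE1-GP attributes
 ! Allow Network Extension Mode for the remote 5505
 nem enable
 ! One tunnel per site credential; a second login signals reuse
 vpn-simultaneous-logins 1
tunnel-group SITE1-TG type remote-access
tunnel-group SITE1-TG general-attributes
 default-group-policy SITE1-GP
tunnel-group SITE1-TG ipsec-attributes
 ikev1 pre-shared-key <SITE1_GROUP_KEY>
username site1 password <SITE1_PASSWORD>
username site1 attributes
 vpn-group-policy SITE1-GP
 ! Reject this user on any tunnel group other than its own
 group-lock value SITE1-TG
!
! --- Site 2 ---
group-policy SITE2-GP internal
group-policy SITE2-GP attributes
 nem enable
 vpn-simultaneous-logins 1
tunnel-group SITE2-TG type remote-access
tunnel-group SITE2-TG general-attributes
 default-group-policy SITE2-GP
tunnel-group SITE2-TG ipsec-attributes
 ikev1 pre-shared-key <SITE2_GROUP_KEY>
username site2 password <SITE2_PASSWORD>
username site2 attributes
 vpn-group-policy SITE2-GP
 group-lock value SITE2-TG
```

With this layout, a compromised site is handled by rotating only that site's group key and password; the other site's tunnel is untouched.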