Hi Cisco community,
I hope someone could help with this. As you know, Cisco has discontinued the 800 series routers, replacing them with ISR series. These ISR routers does not come with the EZvpn client feature (they come with the server feature only!!!). In my production architecture, this is a mayor issue, as I used the EZvpn client as the way to connect branches with routers behind other NAT devices and sometimes with dynamic public IPs. That magic came to an end with the ISR routers. In the other side of all VPN connections there is a ASA 5508x acting as the EZvpn server. The main problem is the lack of control that I have over the way branches connect to the Internet (I know it sounds weird, but these are the circumstances I face, in other words, I´m not who pays the internet bill in some branches). For the ASA, the situation is very common, one public static IP address to point out, but the branches....well....they find the way to connect through the Internet link no matter what thanks to the EZvpn client. What kind of new magic can I use in the ISR routers to replace the EZvpn client (as far as I know, DMVPN requires the pre-nat addresses fixed and it requires a 1:1 NAT, a huge no-no in my scenario)?
ASA 5508 x(EZvpn server) --->whatever internet link-----> cisco 800 series (EZvpn client)
ASA 5508 x (?) -----> whatever internet link---->ISR routers (?)
Thanks a lot for your help.