06-24-2013 07:46 AM
Dear All,,
Please help me to get some information for implementing VPN in ASA5500 series...
I involved in a project of integrating seven sites with ASA 5500 via VPN.My headoffice is withh ASA5512 and other branch offices having ASA5505.I need all site to be interconnected and needs to communicate each other. My head office is having Static IP and all other branch offices are with dynamic IP.
Which is the best solution that I can suggest to my client in VPN.
Please find the below details also.
ASA5505 s/w version - 8.2(5)
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
ASA5512 s/w version : 8.6(1)2
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Thanks & Regards,
Rinchu
Solved! Go to Solution.
06-27-2013 09:25 AM
did you use RRI?
set reverse route to dynamic map see if it works.
Sent from Cisco Technical Support iPhone App
06-24-2013 07:56 AM
5505 can work as ezvpn client, or just dynamic l2l also works.
Please check config guide of 5505.
Sent from Cisco Technical Support iPad App
06-24-2013 08:09 AM
Thanks Shaoqin Li
This is an option ,but my doubt is will branch to branch communication will happen in ezvpn?
Regards,
Rinchuraj
06-27-2013 09:12 AM
Hi Shaoqin,
I had done ezvpn between branch offices to head office , but branch to branch communication not happening.Is there any version compactibility there . I choose ASDM VPN setup wizard.
Please advice me....
Best Regards,
Rinchuraj
06-27-2013 09:25 AM
did you use RRI?
set reverse route to dynamic map see if it works.
Sent from Cisco Technical Support iPhone App
06-27-2013 10:13 AM
I am here with attaching the running configurtaion of HQ & two Brach offices.
I can communicate from HQ to both braches but spoke to spoke communication (Brach1-Brach2) is not possible.
This is a sample lab setup configuration which i want to implement on my live enviornment.
In live case my braches are connected with PPoE connection.
The Address details which i am using in this lab setup is given below:
HQ:
ouside : 93.1.1.1/24
inside:172.16.10.1/24
Brach1:
outside :83.1.1.1/24
inside:172.16.20.1/21
Brach2:
outside :73.1.1.1/24
inside:172.16.30.1/21
Pls check & advice me for it..
Please find the attached link
regards
Rinchuraj
06-28-2013 07:24 AM
Hi Shaoqin,
Thank you for your support and I got the branch to branch communication with above attached configuration . Please advice me this configuration will work with ASA 5512 version 8.6(1)2 and 5505 8.2(5)...
Thank you one again!!!!!!
Best regards,
Rinchuraj
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide