I haven't configured this same setup before , but i will tell you
that in theory it will work, most times if it can work in theory ,
it works 99.01% in practical (from personal experiences)
Yes, the ASA can be configured as an EZVPN server , while the remote
end router firewall can be configured as an EZVPN client in client
mode and everyone including software vpn client should connect fine.
On 5/13/10, Martin Hogan <martin.john.hogan_at_gmail.com> wrote:
> OT: Possible to have L2L IPSEC (Dynamic IP address) clients[IOS] and regular
> IPSEC VPN Clients (Dynamic IP address) connecting to the same ASA/PIX(Static
> IP address)
>
> Disclaimer: "I'm not a firewall guy"
>
> Hi All,
>
> As the subject line says; I've got an odd requirement for a customer to have
> a last minute ultra urgent branch office turned up but the only connectivity
> option available is a dynamic IP address based Internet link, thus moving
> away from the existing / known working setups.
>
> This ASA already has IPSEC VPN Clients (Cisco clients running on Windows)
> that connect and work fine.
>
> It would seem as if its possible, but I think I must be missing some config
> at the ASA/PIX end, the unit connects, negotiates Phase 1, then fails
> (deletes the SA) with no errors in debug crypto isakmp sa pointing to the
> issue that I can see.
>
> The ultra urgency and last minute being the part which is causing me to ask
> here rather than build the lab, configure, test, configure test which would
> be my preferred option.
>
> If anyone could tell me it definitely can work that would be a big help,
> even better if anyone can note the specific requirements (config) for it to
> work.
>
> Cheers all
>
> Martin.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Warm Regards , Beauty Blogs and organic groups at http://www.ccie.netReceived on Fri May 14 2010 - 16:22:40 ART
This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART