Cisco ASA Series 3: Easy VPN Remote

Cisco ASA Series 3: Easy VPN

Businesses with multiple locations can establish secure connectivity with Cisco Easy VPN hardware devices. Secure connectivity can be established with minimal configuration due to Cisco Easy VPN hardware devices. There are two types of Cisco Easy VPN appliances: clients and servers.

Cisco Easy VPN servers push security policies to remote sites so they are up-to-date before establishing a connection. Cisco Easy VPN clients maintain minimal VPN configurations and connect to Easy VPN servers to obtain complete configurations by connecting to their minimal VPN configurations.

Cisco Easy VPN simplifies configuration by:

  • Eliminating the need for hosts at remote site to run a VPN client
  • Storing security policies on a centralized server, pushing them out to remote hardware clients when a VPN connection is established
  • Minimizing the number of local configuration parameters

To begin, click VPN in the left-hand navigation pane, and the click Easy VPN Remote.

Fig 1.1- Cisco Easy VPN Remote

Check the enable Easy VPN Remote checkbox to begin the configuration.

NOTE: Because of design, an ASA 5505 cannot run different types of tunnels if it is running Easy VPN Remote.

You will not be able to make changes to IPSec or remote access VPNs while Easy VPN Remote is enabled.

Easy VPN Remote can operate in one of two modes: client and network extension modes. 

Client mode isolates all devices on the client network from those on the enterprise network. The Easy VPN client will perform PAT for all VPN traffic for its inside hosts

Network extension mode makes the inside interface and all inside hosts routable across the tunnel and on the enterprise network. 

Below is the configuring Easy VPN Remote to operate in client mode

Fig 1.2- Cisco Easy VPN Remote

In the Group Setting, select the option for a pre-shared key. Specify a group name of Easy VPN and a group password of cisco.

Under User Settings, specify the username and password to be used by the ASA 5505 when establishing a connection. We will be using EasyVPN1 with a password of cisco.

In the last option, specify an Easy VPN server to connect to. In this lab we will be using When you are done, click the Add button. 

Fig 1.3- Cisco Easy VPN Remote

It is completed once you add the above parameters in the ASDM box. When you are done this section, make sure you uncheck the Enable Easy VPN Remote box. 

No comments