Tuesday, July 31, 2018

Cisco ASA Dynamic to Static VPN with same remote network subnet

I have several Cradlepoint devices that will be establishing a S2S VPN connection via 4G back to a Cisco 5520 headend. The Cradlepoints will have dynamic IP addresses, and the 5520 is static, so it will be a dynamic crypto map - DefaultL2LGroup. My question is: do all of these Cradlepoints have to have different local subnets (remote from the ASA's perspective) in order for this to work?

The reason I ask is that I have the clients behind the Cradlepoints receiving their DHCP from our DHCP system in the same data center as the ASA. Basically, I've created one subnet for all clients behind different Cradlepoints to use. So Cradlepoint01-Client01 might get 10.10.3.25 and Cradlepoint02-Client01 might get 10.10.3.26. The configuration on each CP is basically identical, and the crypto map on the ASA is set for 10.10.3.0/24 as the remote network. One tunnel is working fine; when I bring up 2 it introduces problems, some type of conflict, and it's not working.


