I’m trying to configure both Cisco ASA and Digi WR11 in a situation, where Digi is coming from dynamic public address towards Cisco ASA, utilizing Easy VPN with Network Extension Mode. Document AN36 is closest to what I want, but only gives example configuration regarding EasyVPN Client Mode, not NEM mode enabled.
I fairly familiar with ASA configuration, but I keep banding my head towards Phase2, where error from the ASA says: “Group = digieas-ezvpn-group, Username = digieas-ezvpn-user, IP = 85.76.47.253, Aborting Connection: IKEv1 RA client which did not request an assigned IP is attempting to establish a phase 2 SA for 192.168.243.0.”
Sure the client (Digi) does not get a virtual IP as the Digi is configured not to request that (Virtual IP request: Off), and because in ASA side the tunnel-group is configured to be ‘nem enable’ without any ip local pool. The network 192.168.253.0/24 is the LAN network in Digi router side.
The document AN36 only refers that NEM is supported by Digi, but I cannot find any related documentation on example configuration, so ASA is configured the best of my knowledge with NEM enabled, but still the error remains.
Any chance anyone here have configured similar to this?