I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.
we have two ASA 5510s one in 8.4(4) and one in 8.2(5) in a site-to-site VPN setup. All internal traffic is working smoothly.Site/Subnet A: 126.96.36.199 - local (8.4(4)) Site/Subnet B: 192.260.0.0 - remote (8.2(5)) VPN Users: 188.8.131.52 - assigned by ASA When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.
Site B however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc... is not reachable by ping or otherwise.There are also some weird NAT rules that I am not happy with that were created after I upgraded Site A ASA to 8.4
Site A internal: 192.160.x.x External: 55.55.555.201(main)/202(mail) Site B (over site-to-site) is 192.260.x.x External: 66.66.666.54(all)
I pretty much just have the basic NAT rules for VPN, Email, Internet and the site-to-site.What do I need to add for the VPN to be able to access the site-to-site network?
I have a cisco ASA 5510 at the branch here. It terminates about 8 vpn tunnels and also it supports remote access clients. I just have a quick question. Can my remote sub-net group access the other remote access site-site VPN subnet group. If yes then how should i configure it.
I have a Sito-to-Site VPN between two ASA 5540 outside interfaces.I'm trying to configure ssh radius authentication on one of them but the Radius server is located behind the other ASA.When I try to connect to this ASA outside interface using my radius credentials, the communication to the radius server goes in timeout.It seems that the ASA doesn't use the crypto map to route the request to the Radius server.
I have a Sito-to-Site VPN between two ASA 5540 outside interfaces. I'm trying to configure ssh radius authentication on one of them but the Radius server is located behind the other ASA. When I try to connect to this ASA outside interface using my radius credentials, the communication to the radius server goes in timeout.
It seems that the ASA doesn't use the crypto map to route the request to the Radius server.
I setup RA-VPN under local asa 5510 IP pool (192.168.127.0/24) and all was working fine. I got internet and local network access. Then i have 5 site to site VPN working fine but when im traying to access to those L2L VPNs from the remote acces client im not able to do that. So after that i decided to obtain IP addresses from my DHCP server so i can obtain IPs from my local network (172.17.16.0/16) and then access normally to the VPN site to site. But the surprise was that the VPN cisco client is getting local IP address (172.17.16.222) perfectly but im not able to access even to my local network.
I have the same-security-traffic permit inter-interface same-security-traffic permit intra-interface enable.
I have a ASA 5510 actve/standby and create one site to site VPN with remote peer ip address xx.xx.xx.xx, Our VPN traffic running on 6 mb internet link for video conferancing traffic.Now client give another link 2 mb internet and client told to us our data traffic runnig on 2 mb link but this data traffic running on the same remote peer IP xx.xx.xx.xx.
Secondly request also they need failover over the ISP link.
I have a situation where I need to have remote users vpn into my ASA 5510 and then turn around and hit a site to site tunnel. Now when I am in our office I can hit the site to site vpn fine. When I am at home and vpn to the asa I can not get to the site to site resources. Do you see where my config is incorrect? result of the command: "show run"
I'm attempting to configure an for both site-to-site and remote access VPNs. The site-to-site is working fine, however when I connect using the Cisco client, after initial connection and password prompt I get a "not connected" status. The log states that a policy map match could not be found. I have successfully set the unit up for remote access with no site-to-site and ran into another host of issues when adding the site-to-site to the working remote access config, so I started over setting up site-to-site first. I've attempted this through ADSM (hate it) - the current configuration is via CLI. I'm certain I'm just missing a piece or two.
site A : ASA 5510 VPN gateway for remote users LAN 192.168.192.0/22 site B : ASA 5505 LAN 192.168.208.0/22
Both sites are connected through a site to site VPN.Remote clients (AnyConnect/VPN client) can connect to Site A LAN and see machines on LAN A but cannot see Site B LAN.
Here is a part of my configuration :
On Site A (ASA 5510) -------------------------------- name 192.168.192.0 SiteA_Internal_Network name 192.168.208.0 SiteB_Internal_Network name 192.168.133.0 VPNPool_AnyConnect name 192.168.133.32 VPNPool_VpnClient
The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
Below are my configure on the Cisco 877 in site A.
Building configuration... Current configuration : 5425 bytes ! ! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01 ! version 12.4 no service pad
cisco products and am struggling getting a VPN going between an ASA 5505 and 5510. I have a VPN created (using the VPN wizward on both) and it shows the VPN is up, but I can't ping the remote site (from either side).
Our Headquarter (asa 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accesing the internet through the VPN and also accesing headquarter file servers.I want to know if there is a way for some remote users to be able to use the vpn for accesing the file servers but to access the internet through the branch office. The rest of the remote users will be still accessing the internet through VPN.
I've setup a site to site vpn on an ASA 5510 using ASDM (as I have many times before) and the tunnel appears to be up but I am not able to pass traffic. When I run the packet tracer from my inside network to the remote destination network, it shows that it is blocked by the implicit deny ip any any rule on my inside incoming access list.
I have a ASA 5510 that has multiple site to site VPNs. I need to create an additiona site to site VPN but only allow 1 host to access and traverse the tunnel. The network is on a 192.168.5.x but the host that will need to access this tunnel needs to be on a 172.16.33.x network. I dont want any other traffic allowed to access or traverse the VPN tunnel for this host. How can I set this up?
Our HQ office has an ASA 5510 with full access to internal and external IP's. We have a small group of remote users that are working from a shared office suite and they only have Internet access by way of internal default gateway. Using a VPN client is not desirable due to many other devices requiring access to HQ. Is there a way to create a site-to-site VPN from this remote office space back to HQ (ASA 5510) if they have no access to the public IP address on their end?
I have problem with accessing servers through site-to-site vpn from ASA which makes this site-to-site vpn and has enablerd Clientless VPN.Reason why I need it / What I need to do:ASA 5510 has enabled Clientless VPN and on this portal is allowed users to go to URL of internal servers through bookmars. We are using it when somebody could not access IPSec VPN or is in internet cafe. So this user logs into clientless vpn and click on bookmark to access mail server for exmaple. But there is problem, asa cannot access this server through site-to-site VPN.
Network:Here is quick design of my network.I don't have problem access server in VLAN 159 from VLAN 10 or 100. But I need to be able access servers in Vlan 159 from ASA 5510 which has IP address 192.168.1.4.I have this subnet which ASA belongs in BEFORE-NAT object in same place as VLAN 10, 100 are and in Site-to-Site vpn profile.
i have 2 router asa 5505 with base license i wanna make site to site vpn connection and remote site using vpn client to connect first i have hdsl router with 5 public ip i wanna try it by giving 1 public ip to each router and try the vpn but nothing work?
I have a site to site VPN tunnel configured between a rv220w and rv180. Everything works fine going from site to site on LAN connections. I'm now trying to tie in the remote site wireless (rv220w side) by pointing radius to my ACS server which is on the other side of the site-to-site tunnel but it seems as though it doesnt route across the site to site tunnel. If i put a radius server on the local lan on the remote site that authentication works fine. I have confirmed there are no ACL problems. the RV220W capable of using a radius server across the vpn tunnel?
I've setup my ASA 5510 to use AAA to my Windows Server 2008 NAP. After many hours of troubleshooting I got my setup to work. The only thing I'm not satsified with at the moment is, that RADIUS is using PAP for communicating between ASA5510 and W2K8/NAP.I've tried ticking the box "Microsoft CHAPv2 Capable" box under Users/AAA => AAA Server Groups => Edit AAA Server.From EventViewer on W2K8/NAP I get Event ID 6278 and 6272., see attached filehow I change from the PAP to the CHAP protocol? PS: ASA 5510 running ASA version 8.2(4) and ASDM version 6.3(5)
I have two Cisco routers - 2911 in HQ and RV180 in branch office. Because in HQ LAN network I have some development servers, to which guys from branch office need to have acces, I decided to setup VPN site-to-site between HQ and branch office. Everything went quite smoothly, on both devices I see, that ipsec connection is established. Unfortunately I am not able to ping resources from one network to other one and vice versa. Below is the configuration of 2911 router (I skipped som unimportant (imho) configuration directives) :
It's been a long time since I played in Cisco CLI.Using a Cisco 506 Firewall 6.3(4) PDM 1.0?Problem is I created a site to site tunnnel with a vendor and since then our remote VPN does not work. Completely times out so I am sure I broke something in the crypto map or something similar.
Tunnel is policy 10 using access-list 101 Remote VPN is Policy 20
Remote-access users aren't able to reach our remote network through a site-to-site VPN tunnel between two ASA 5505's.
I've seen several threads about that here, I've run through the walkthrough at [URL] I've taken a stab at setting split tunnelling and nat exemption, but it seems I'm still missing something. Remote-access users can reach the main site, but not the remote site.
Remote-access (vpn-houston) uses 192.168.69.0/24. The main site (houston) uses 10.0.0.0/24 The remote site (lugoff) uses 10.0.1.0/24
At the main site, I have 3 5508 WLCs each part of a mobility group (wlcMain-MG). In NCS, under "System/Mobility Groups" for each controller, I see each controller listed as "local" with the other Controllers listed with the group name "wlcMain-MG". None of the SSIDs are "anchored".
I have a new site with a 2500 series WLC that I would like to push out 2 SSIDs. This site contains two customers. One customer is the Main customer with the second customer leasing space.
I have the Cust2 WLAN at the remote site set to have traffic egress out of a local interface on the 2500 WLC (this traffic is then tunnelled back to their Main location via an ASA which houses the DHCP scope for that vlan). I can connect to this SSID, obtain an IP Address off the ASA and am tunnelling without issue.
For the Cust1 WLAN at the remote site, I would like to broadcast an SSID from the Main location on those same APs which are registered to the 2500. It is my understanding, that I anchor the SSID at the Main site and identically configure the SSID at the remote site. This will allow the end user to authenticate to the RADIUS server at the Main site and be placed upon the correct vlan (we are using DOT1x and dynamic vlans).
For my test, I am starting simple. I have created a test WLAN with no authentication. At the main site, on 5508 WLC3, I have created the test WLAN, and placed the interface into a low security vlan (call it VLAN-low). I have anchored this test WLAN to that controller. At the remote site, I have created the same WLAN (but placed it into the management interface for now - the VLAN-low does not exist at the remote site) and configured that WLAN to anchor back to the WLC3 at the main site. I am unable to obtain an IP address from the remote site. I have placed the remote site WLC in the wlcMain-MG as well. How close does the code need to be on the controllers - the 5508s are at 184.108.40.206 and the 2500 is at 220.127.116.11? What could I be missing?
We have successfully establish a site-to-site vpn, but we have some difficulties when PPTP users try to access the remote network linked by this tunnel. LAN users can access the remote network without problem, but users who are connected remotly to the lan (PPTP) can't access computer on the remote network. Is there a way to allow PPTP user to access the remote network ? Adding a route ?
I have a site-to-site VPN already established, everything is working as it should. I'm trying to block the remote network from accessing our network since we only need to access theirs. I'm sure this is something very easy to implement with an ACL but I'm not sure where this rule needs to go. The VPN is on ASA 5505.