Cisco VPN :: ASA 5520 / Site To Site Failover VPN Connection And Routing?

Apr 8, 2013

We have 3 sites, with a Cisco ASA 5520 at each location.
 
HQ (Headquarters)              internal network: 172.16.110.0/24,
DR (Disaster Recovery)       internal network: 172.16.120.0/24
BO (Branch Office)               internal network: 172.16.150.0/24
 
HQ and DR have a 100Mbps permanent MPLS link between each other. Branch Office has a Site 2 Site VPN connection to HQ. If it fails, it establishes a Site 2 Site VPN connection to DR. This works perfectly.

Now the routing issue... There is no route to the BO in the routing table at HQ/DR. The default gateway is used to reach the BO and that works for HQ when the VPN is between HQ/BO. If the VPN fails over to DR/BO, HQ can't reach BO anymore.

I need to have some kind of conditional route injection from the ASA where the VPN is established. I was considering a tracked static route, but I was wondering if the S2S VPN itself has a functionality to do so. I thought the Reverse Route Injection was it but it's enabled on our crypto map and doesn't seem to work...

View 4 Replies



Cisco VPN :: Site-to-site Failover On ASA 5520 / 3945 Routers

Jan 23, 2012

I am building a site to site VPN from our headquarters to a customer. I am using an ASA 5520. The customer is using Cisco 3945 routers. The customer has two VPN termination points. The customer requests that we make one of their termination points the primary VPN connection and make the other termination point the backup in the event that the primary VPN fails. How do I configure this on the ASA? Does the below configuration fulfill this goal?

View 3 Replies View Related

Cisco VPN :: VPN Site To Site Connection ASA 5520 And 5505

Nov 5, 2012

We have a site to site client that is having issues with intermittent disconnects. The main endpoint is a Cisco ASA 5520 8.4.3 and the remote site has a Cisco ASA 5505 8.2.5.

If we have a disconnect, we can "logout" of the Main ASA and the connection seems to find itself and traffic will flow. This takes place about every 1 - 5 minutes but if you reset the crypto (which I am assuming you do) by logging out under the Logging Monitor Session - ikev1 sessions, it all starts right back up.

I am stumped. At first I thought MTUs but I am not sure that is the answer.

View 1 Replies View Related

Cisco VPN :: 5520 Requirement To Terminate Site-to-site VPN From Remote Site

Jun 17, 2012

We have ordered a pair of Cisco ASA5520 (ASA5520-BUN-K9). Now there is a requirement to terminate site-to-site VPN from remote site. Do we need a VPN Plus licence for this and how much does it cost?

View 1 Replies View Related

Cisco VPN :: ASA 5520 - Routing Traffic Between Two Site To Site Tunnels

Feb 24, 2013

I am trying to establish routing between two Site to Site vpn tunnels, both of which are terminating on the same outside interface of my Cisco ASA.
 
Find attached Network Diagram for the same. All Firewalls used are Cisco ASA 5520.
 
Both VPN tunnels between Point A and Point B, Point B and Point C too are up. I have enabled Same security level intra interface permit command also.
 
How do I enable traffic originating from LAN Subnets behind Point A to reach LAN Subnets behind Point C without having to create a separate tunnel between Point A and Point C?

View 5 Replies View Related

Cisco VPN :: ASA 5520 / Routing Site-to-Site VPN To Remote Users?

Oct 29, 2011

We have a site-site and remote vpn configured in same interface in ASA 5520 (software version 8.3). When Remote vpn users try to connect to computers located on the distant end of site-site VPN, their request failed. I tried No-Nat between remote vpn private IP to the remote site private IP, also stated the same in Split tunneling. I can't find even the tracert, ping also timed out.

View 7 Replies View Related

Cisco VPN :: ASA 5510 - ISP Site To Site Failover With Single Remote Peer Address

Apr 16, 2011

I have a ASA 5510 active/standby and create one site to site VPN with remote peer ip address xx.xx.xx.xx. Our VPN traffic running on 6 mb internet link for video conferencing traffic. Now client give another link 2 mb internet and client told to us our data traffic running on 2 mb link but this data traffic running on the same remote peer IP xx.xx.xx.xx.
 
Secondly request also they need failover over the ISP link.
 
How we implement the same on ASA 5510.

View 0 Replies View Related

Cisco VPN :: ASA5510 ISP Site To Site VPN Failover With Load Balancing

Apr 16, 2011

I have a ASA5510 active/standby and create one site to site VPN with remote peer ip address xx.xx.xx.xx. Our VPN traffic running on 6 mb internet link for video conferencing traffic. Now client give another link 2 mb internet and client told to us our data traffic running on 2 mb link but this data traffic running on the same remote peer IP xx.xx.xx.xx. Secondly request also they need failover over the ISP link. How we implement the same on ASA 5510.

View 0 Replies View Related

Cisco Firewall :: 5510 Site-to-Site VPN Failover

Mar 15, 2011

I configured ASA 5510 using dual ISP (Failover). Now my ASA is working fine. Here my problem is my ASA 5510 is configured for Site to Site VPN also. How does my VPN switch to the Secondary ISP automatically when the primary ISP fails?

View 2 Replies View Related

Cisco VPN :: ASA 5505 Site To Site Connection / Remote Site?

Mar 6, 2011

I have 2 router ASA 5505 with base license. I wanna make site to site VPN connection and remote site using VPN client to connect. First I have HDSL router with 5 public IP; I wanna try it by giving 1 public IP to each router and try the VPN but nothing works.

View 1 Replies View Related

Cisco VPN :: Site-to-site Vpn With Failover ASA5520

Sep 25, 2011

One local site where I have one ASA5520. I have to create a site to site vpn with the remote site1 and site 2. VPN with site1 is primary and other is backup. Local address on ASA is 192.168.10.10 and on the remote site1 and site2 is 10.10.10.1. I have to make sure that if vpn with the site1 is active then the routing for 10.10.10.1 should be towards vpn to site1, and if it goes down then failover to vpn2 to site 2. In case if the vpn1 to site1 comes up, the traffic should shift to VPN1 to site1. Access is from ASA5520 end client to the remote server.

View 7 Replies View Related

Cisco VPN :: ASA5520 - Site-to-site VPN With ISP Failover

Apr 15, 2013

I am using the Cisco ASA 5520 with Software Version 8.2(3).  I have several site-to-site VPN connections and two separate ISP connections.  I have set up the SLA tracker for the dual ISP so that if one fails the other one takes over.  But I don't know how to do the same for the site-to-site IPSec VPN tunnels.  I have read a few discussions on the Cisco Support Community but I am really confused about what to do.  I have two outside interfaces:  outside and WAN2.  I understand you can only apply the crypto to one interface so how would I make the change to allow the VPN to failover when the primary ISP were to fail?
 
Here is my configuration for the cryptos and SLA tracker:
 
crypto map outside_map 10 match address ACL_VPN_1
crypto map outside_map 10 set pfs
crypto map outside_map 10 set peer x.x.x.x x x.x.x.x
crypto map outside_map 10 set transform-set NAME_SET
crypto map outside_map 10 set security-association lifetime seconds 28800
crypto map outside_map 10 set security-association lifetime kilobytes 4608000

View 3 Replies View Related

Cisco VPN :: ASA 5510 / Failover For Site To Site VPN?

Nov 24, 2010

I have configured ISP failover on ASA 5510 and it's working fine; when Primary ISP fails, traffic is shifting to secondary ISP. On the ASA I have configured Site to Site VPN and it's working fine on primary ISP. When failover happens to the secondary ISP, Site to Site VPN should work on the secondary ISP.

View 3 Replies View Related

Cisco VPN :: Establish Site To Site IPSec Tunnel Between ASA 5520 And 3030?

Feb 17, 2013

We have configured a site to site tunnel from our ASA to another organization's Cisco 3030. It appears to have just one way initiation. We can do a ping to a device on the remote site and it will ping just fine. However, when the tunnel needs to be initiated from the remote site, it will not work until we have initiated the tunnel and then everything works.
 
I continue to see "Error processing payload: Payload ID: 1" errors on the ASDM logs. It appears that all the configuration is in place because we can in fact establish the IPSec tunnel unidirectional. And once established, traffic can flow bidirectional.

View 1 Replies View Related

Cisco VPN :: What Are Possibilities That Exist For Running Site-to-site Vpn In Environment 5520

May 23, 2013

What are the possibilities that exist for running a site to site vpn in our environment with the following infrastructure:
 
-Cisco ASA 5520 - running on a multiple context mode
-Cisco 3750 switches
-Microsoft TMG
 
I believe these options are limited in terms of providing end point for VPN. Is there a VPN module that we can buy for 5520 to run IPSEC VPN?

View 2 Replies View Related

Cisco VPN :: Asa 5520 Vpn Client On Stick Access From Site To Site

Mar 15, 2012

Have ASA 5520 ver 8.0(4). I have vpn client access created and working. I have l2l vpn created and working with another set of ASA. The issue at hand: VPN client from internet connects and authenticates, this client can access Site A's networks with no problems. However vpn client on Site A ASA can not access networks through l2l tunnel located at Site B.

View 2 Replies View Related

Cisco Firewall :: To Setup Syslog For Site-To-Site VPN ASA 5520

Sep 20, 2011

Any step by step guide to setup syslog for site to site VPN (in ASA 5520)? Just send me the steps to monitor site to site vpn using that in ASA 5520.

View 2 Replies View Related

Cisco Firewall :: 5520 Slow Performance Through Site To Site Vpn

Mar 12, 2012

I'm having slow performance thru a Site to Site VPN. I have an ASA 5520 in each site with the version 8.2(4) in both ASA's. I have a 20Mb internet service in one side and in the other side I have 50Mb. When I transfer a file from Site A to Site B I get a transfer rate of 130KB/S.

View 1 Replies View Related

Cisco VPN :: 5520 IPsec Site-to-Site VPN Multi-session?

Mar 14, 2011

I recently faced an issue at work. Clients want to make ipsec site-to-site vpn redundant. I have 2 ASA 5520 working in a stack. Is it possible to configure site-to-site vpn in a redundant mode, like first peer ip address is x.x.x.x and secondary is y.y.y.y (backup)?

View 1 Replies View Related

Cisco VPN :: 5520 And 5505 Site-To-Site Tunnel Between Two ASA

Apr 2, 2013

I am using the Site to Site Wizard on an ASA 5520 and ASA 5505 from the ASDM. Both are using 8.4(5). When you create the configurations, do you have to follow up the wizard configurations with manual ACLs to allow for traffic from each connected subnet to talk to each other? Or are they automatically generated in the configuration file? Have not been to school yet to properly understand how to create the VPN tunnels from the CLI and what to look for.

View 2 Replies View Related

Cisco VPN :: Site To Site VPN Between ASA 5520 And Avaya VPN Phone

Oct 1, 2012

I am configuring Cisco ASA 5520 site to site vpn with Avaya VPN Phone? According to Avaya, the Avaya 9630 phone acts as a VPN client so a VPN router or firewall is not needed.

View 3 Replies View Related

Cisco VPN :: Establish Site To Site VPN Between ASA5510 To 5520

Jul 26, 2011

I'm trying to establish site to site VPN between ASA5510 to ASA5520, scenario: [code] Our vendor said to nat the local network to specific ip and use that ip as local pool. Here the configuration details: [code] I create static nat but it doesn't work for me, phase 1 is not up. How to create nat local network to 10.10.10.10?

View 9 Replies View Related

Cisco VPN :: 5520 / Internet Over Site-to-site Tunnel?

Jul 7, 2011

One of our remote sites want to use our firewall for internet access. We have setup a site-to-site VPN with a default route from the remote site to us. All traffic is routed to our firewall (5520). VPN traffic works perfect. Now the internet does not work for our remote site. Is it possible to route internet over the site-to-site tunnel?

View 3 Replies View Related

Cisco VPN :: 5520 Site-2-site / How To Telnet Ssh Other Side

Jun 1, 2011

I have a working site2site between 2 ASA5520 8.2(3). I want side A to be able to telnet/ssh to side B's ASA. Using the telnet command would do it or should I also add an access-list?

View 6 Replies View Related

Cisco VPN :: ASA 5510 / 5520 Site-to-Site VPN Hangs?

Jul 31, 2011

I have multiple site-to-site vpns using ASAs 5510 and 5520. Tunnels were configured 3-4 years ago, and all these 3-4 years one vpn tunnel hangs until I clear isakmp sa peer. When I say hangs, I mean I can see the tunnel is UP and MM_ACTIVE with sh crypto isakmp sa, but I can not ping the remote subnets. When I clear the tunnel, it comes up again and communication is successful.

View 2 Replies View Related

Cisco Security :: VPN Site-to-site And Client On ASA 5520 On Same Outside

Jun 21, 2012

I have an ASA 5520 Version 8.0(2). I configured the VPN site to site and it works fine; in the other appliance I configured the VPN Client for remote users, and it works fine. But I try to configure the 2 VPNs on ASA 5520 on the same outside interface and I have the line "crypto map outside_map interface outside" (for VPN client), but when I configure the "crypto map VPNL2L interface outside", it overwrites the command, and therefore I can only have one connection. [code]

View 36 Replies View Related

Cisco VPN :: Site-to-site IPsec ASA 5520 And Router 891

Jul 18, 2012

I try to configure VPN site to site, with ASA 5520 and Router 891. The topology is LAN-->ASA 5520-->INTERNET<--ROUTER 891<--LAN.
 
The configuration of the VPN site to site on ASA5502 is UP, but in Router 891, I don't understand the commands. url...

View 2 Replies View Related

Cisco VPN :: 5520 - Site To Site Vpn Failing Randomly

Aug 4, 2011

I have a pair of ASA 5520s configured in failover mode that also acts as VPN endpoint for about 25+ site to site ipsec VPNs. Of the 25 sites, 2 sites consistently are having VPN issues while the other sites never have this issue.
 
For example, at a branch office the network is 192.168.1.0/24, and at the headquarter the ASA has an interface with network 192.168.254.0/24. VPNs are setup to tunnel all traffic destined to the headquarter network 192.168.254.0/24 and a couple of other networks with public IP addresses not directly connected to the ASA.
 
When the issue occurs, I can ping anything in the 192.168.1.0/24 or the 192.168.254.0/24 range across the VPN, but I cannot ping anything in the public IP range. ASDM reports that the tunnel is up. Restarting the routers at the branch offices does not work.
 
So far, I have been able to resolve the issue whenever it occurs by doing the following, however this issue is happening more and more frequently:
 
First, try killing the VPN tunnel and wait for the router and ASA to re-establish the tunnel; sometimes that works. If that doesn't work, I would failover to the standby ASA. Sometimes even that doesn't work, then I have to reload the standby ASA before I failover to it.
 
All these site to site VPNs are setup the same way for the same purpose (to tunnel ad/exchange traffic), and this issue only happens to 2 of the branch offices which are using different ISPs - I even switched one of the 2 offices to a different ISP and router recently - still have the same issue.

View 1 Replies View Related

Cisco VPN :: 5520 Slow Speed Through Site-to-Site VPN

Mar 12, 2012

I'm having slow performance thru a Site to Site VPN. I have an ASA 5520 in each site with the version 8.2(4) in both ASA's. I have a 20Mb internet service in one side and in the other side I have 50Mb.
 
When I transfer a file from Site A to Site B I get a transfer rate of 130KB/S

View 2 Replies View Related

Cisco Firewall :: ASA 5520 K8 - IOS Upgrade And Site To Site VPN

Feb 20, 2013

I have an ASA 5520 K8 model. Presently I am running with IOS version 8.0(4) and I am upgrading to 8.2(5). Is any license required from Cisco to upgrade to this IOS? Also let me know how many site to site VPNs can be configured on this device.
 
Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 150
Inside Hosts                  : Unlimited
Failover                     : Active/Active
[code]...
 
This platform has an ASA 5520 VPN Plus license. Serial Number: JMX1051K2S5.

View 3 Replies View Related

Cisco VPN :: ASA 5520 Support Dynamic IP For Site To Site?

Jun 29, 2011

Can the ASA 5520's support dynamic IP for site to site VPN?

View 1 Replies View Related

Cisco WAN :: Site-to-Site VPN Tunnel In ASA 5520

Mar 21, 2011

I've got a problem. We are having site-to-site VPN tunnel connected with our Client. Usually the users connect remote virtual desktop (may be VMware) through the L2L tunnel. The problem is that the remote desktop gets disconnected intermittently (around 4 to 5 times a day) and automatically reconnects after around 40 seconds or so. I can't find any problem with the L2L tunnel as it is showing up for the last 6 hours or so. Also there are no packet drops (RTO) when I ping the peer IP.

View 9 Replies View Related

Cisco VPN :: Site-to-site Vpn Between ASA 5510 And 5520

Sep 25, 2012

I am having a Site to site vpn between my ASA 5510 and ASA 5520. Tunnel works fine... but I see sometimes the SA breaks down even though there is interesting traffic from one location to other. If I do reinitiate the traffic the SA will come up. [code]

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved