Cisco VPN :: ASA5510 - Sample Configure VPN Site To Site On ASA 5512-x V.9.1

Mar 18, 2013

sample configer ASA 5512-x v.9.1 for VPN site to Site, i use to configure on ASA 5510 V.8.2 but on ver 9.1 i never configure. my is use that i dont know to how to configure nonat. i saw some configration as in the attach file they just to show configure VPN but we did not see nonot on command.

View 2 Replies


ADVERTISEMENT

Cisco VPN :: Configure Site-to-site VPN Using 881 Router On End And Connecting To ASA5510?

Aug 22, 2011

I need to configure a site-to-site VPN using a Cisco 881 router on my end and connecting to an ASA5510 on my suppliers end.Our supplier has configured their end and I do not have access to their configuration.
 
They told us we have to NAT all inside address' to a single address (192.168.89.1) as this is the only one they will let through their firewall/tunnel.I know how to set up the VPN but not too sure how to set up the NAT part.
 
My sanatized config is attached. The code I am using to NAT my inside network to the single address 192.168.89.1, and send all traffic accross the VPN tunnel as this address is correct? With the router running this config the VPN tunnel does not connect.

View 2 Replies View Related

Cisco WAN :: ASA 5512 Route Internet Via Site To Site VPN Interface

Jan 16, 2013

How to route my internet traffice through the same interface where I have my site to site vpn configuried on.1) I'm using a ASA 5512 2) configuried a site to site VPN on g0/0 interface ( leased line with internet connect to the FW) 3) have a global IP assinged to the g0/0 ( site to site vpn established between two countries using global IP address at both ends ) ,4) security level 0 for g0/0 ,  LAN users inside( g0/1) security level 100 ,What i want to know is, how can i configure my LAN users to access internet via the g0/0 interface using the same global ip address assigned to it. not to route the internet through VPN,but i want to route it to my local ISP.

View 0 Replies View Related

Cisco VPN :: 5512-X Site To Site Access Rules?

Apr 2, 2013

I have recently upgraded from a Cisco Pix 515E to a Cisco ASA 5512-X. 
 
I am obviously having trouble considering the changes implemented in 8.2. I have set up the wan and lans appropriately, as well as the VPN's.  Everything is working at my location, and the VPN's are established as well.
 
I would like to be able to have full access in between all three VPN's and my location considering our web, email, DVR, and database servers are here.
 
I can't seem to ping or access my off site routers GUI pages the way I can with the PIX.
 
When I establish the mirrored rules on the firewall, I am able to do these things, but I lose internet at my current location.

View 1 Replies View Related

Cisco VPN :: Site-to-Site VPN Between ASA 5512-X And ASA 5505?

Jan 6, 2013

My client has an ASA 5512-X at the main location and an ASA 5505 at a remote office.  I have an active S2S vpn between the two locations for the remote office users to connect back to resources at the main location.  However, the issue I am running into is with getting their Cisco phones at the remote office to talk to call manager.  I set up a second vlan on the ASA 5505 at the remote office for the voice vlan.  However, I cannot get the traffic for this vlan to go across the S2S properly.  Also, they have a Cisco 2960S behind the ASA to connect the user PC's and phones to.  This switch can do some routing, but nothing like a true layer 3 switch.  I would prefer have just one inside vlan on the ASA for the switch to send all the data to, but that doesn't work with the 2960S I can tell the S2S is configured properly since when I try to ping a device from either side, the data makes it to the ASA and goes across the VPN tunnel.  However, it doesn't make it back.  This issue only happens on the interfaces that are not the inside interface.  All interfaces have the same security level as well and the option that allows networks with the same security level to talk is enabled.  I have tried everything I can think of to get the other 'inside' networks on the ASA to go across the VPN.

View 5 Replies View Related

Cisco VPN :: ASA5510 - Site To Site With Dynamic IP In One Site

Jan 27, 2012

i want configure VPN between backoffice which have ASA5510 firewall with static IP and site which have cisco router 1861 with dynamic IP.
 
how i can configure the site to site between them?

View 2 Replies View Related

Cisco VPN :: ASA5510 ISP Site To Site VPN Failover With Load Balancing

Apr 16, 2011

I have a ASA5510 actve/standby and create one site to site VPN with remote peer ip address xx.xx.xx.xx, Our VPN traffic running on 6 mb internet link for video conferancing traffic.Now client give another link 2 mb internet and client told to us our data traffic runnig on 2 mb link but this data traffic running on the same remote peer IP xx.xx.xx.xx.Secondly request also they need failover over the ISP link.how we implement the same on ASA 5510.

View 0 Replies View Related

Cisco VPN :: Reverse Route Injection On ASA5510 Site-to-site

Jul 29, 2011

We have two ASA5510's connected to two different ISP's and both able to initiate a site-site IPsec connection to a remote site. Depending on the state of the ISP's either ASA may initiate this VPN.We use Reverse Route Injection into OSPF for VPN clients and it works fine with the route being distributed when a client connects and disappearing when there are no clients.So we thought we'd try it for our site-site VPN's. Unfortunately when we enable Reverse Route Injection the routes are distributed regardless of whether the VPN is up or not, so if one ASA has initiated a VPN it's reverse route is distributed (which is what we want) but the other ASA also distributes a route for it's non-existent VPN. The result is that our gateway routers see two OSPF routes and can't ascertain which route is actually up.
 
Is there any way to distribute the route using Reverse Route Injection (or any other method) only when a site-site VPN is actually up? For various reasons we can't use BGP or other gateway routing protocols.Our ASA5510 are currently running IOS 8.2(1)

View 2 Replies View Related

Cisco VPN :: Network-access Between ASA5505 And ASA5510 (site-to-site)

May 9, 2011

we set up a site-to-site-vpn between a 5505 and a 5510 (both asa8.3.1). We configured both sides using the VPN-Wizard in the ASDM. When we try to ping from the network behind the 5505 (192.168.45.0/24) to any host behind the 5510 (192.168.0.0/24) the tunnel gets established but the ping doesn't get trough. After that we tried to connect via RDP to any host behind the 5510 and it worked well (same with ssh, telnet,vnc etc.). Now we want to map a network-share on a 2008-Server behind the 5510 but it's not working. In the ASDM-Log I see some "denied by inside-access in"-messages for the ports 139 and 445. Isn't it right that the whole traffic in the vpn-tunnel bypasses the acl? Even if we open both ports we can't connect to the network-share?

View 1 Replies View Related

Cisco VPN :: Multiple Site To Site IPSec Tunnels To One ASA5510

Dec 4, 2012

Question on ASA VPN tunnels. I have one ASA 5510 in our corporate office, I have two subnets in our corporate office that are configured in the ASA in a Object group. I have a site to site IPSEC tunnel already up and that has been working. I am trying to set up another site to site IPSEC tunnel to a different location that will need to be setup to access the same two subnets. I'm not sure if this can be setup or not, I think I had a problem with setting up two tunnels that were trying to connect to the same subnet but that was between the same two ASA's. Anyways the new tunnel to a new site is not coming up and I want to make sure it is not the subnet issue. The current working tunnel is between two ASA 5510's, the new tunnel we are trying to build is between the ASA and a Sonicwall firewall.

View 3 Replies View Related

Cisco WAN :: Site-to-Site VPN ASA5510 - 887VA Dropping Every 20 Seconds

Apr 21, 2013

I have an issue with a site-to-site VPN tunnel between a ASA5510 and 887VA.  I  have two tunnels connected to the ASA and one seems to be affected where by the tunnel is disconnected and brought up around every 20 seconds.  The tunnel is re-established instantly but this break in transmission is causing application issues.

View 2 Replies View Related

Cisco VPN :: ASA5510 Site To Site Tunnels Suddenly Goes One-way

May 15, 2011

I have a setup with a pair off ASA5510 on the central site, and approx 20 sites with ASA5505.A couple off network are configured as site to site tunnels to every remote site.Its very stable, but the last year or so ocassionally one of the tunnels go one-way.Just like one of the nat exeptions suddenly stops working.I can see the remote side transmitting packets, but no answer.Central site is running 8.22, want to upgrade but have to mount more RAM.The only cure i have found is to reboot the central pair off ASA5510, not very popular as all 20 tunnels goes down.

View 1 Replies View Related

Cisco VPN :: Establish Site To Site VPN Between ASA5510 To 5520

Jul 26, 2011

I'm trying to establish site to site VPN between ASA5510 to ASA5520, scenario. [code] our Vendor said to nat the local network to specific ip and use that ip as local pool,here the configuration details [code] i create static nat but its doesn't work for me phase 1 is not up, how to create nat local network to 10.10.10.10.

View 9 Replies View Related

Cisco VPN :: Establishing Site-to-Site VPN Between ASA5510 And Fortigate1000A?

Feb 8, 2012

I am trying to establish a Site-to-Site VPN to our customer. I am using ASA5510 and the customer was using Fortigate 1000A. The problem that we're having was regarding the IKE Phase 2, I think!. Cisco debug information indicates "All IPSec SA proposals found unacceptable!"

View 11 Replies View Related

Cisco VPN :: ASA5510 / Site To Site Vpn Access Blocked?

Sep 4, 2012

I have two sites connected using ASA5510 version 6.4(5)

   site A                                                     site B
10.8.0.0/20 -- ASA -------internet ------------ASA -- 10.6.0.0/24
 
From site A, i can vnc, rdp, telenet and ssh to site B, however from site B am not able to rdp, vnc telnet or ssh to site A (i can ping site A devices) guess am missing something in the policy but not sure if its in site A or Site B

View 4 Replies View Related

Cisco VPN :: Site-to-Site VPN Between C2921 And ASA5510

Jun 25, 2012

I setup site to site VPN between C2921 (site A) and ASA 5510 (site B). I am having problems with SA being deleted:
 
1: I can alwasy initiate VPN connection from Site B to Site A.
2: after VPN tunnel is up and idle for a while, SA is dropped and I lost VPN connection from Site A to Site B.
3: to get the connection back, I have to ping Site A from Site B
4: when the connection is established, it works fine!

View 3 Replies View Related

Cisco VPN :: ASA5510 Site-to-Site VPN Same LAN Subnets

Jan 21, 2013

I am setting up a VPN between my client and their owner, in order for the owner to access ressources at my clients site.Unfortunatly their owner already has an VPN connection to another site with the same subnet as the one on my clients site.I have setup a policy NAT to translate my clients internal LAN to a "NAT" LAN, and i can ping from my clients LAN to their owners LAN, but their owner can not reach any ressources at my clients LAN.
 
My client has a ASA5510 with a base license, but their owner has their firewall and routing "leased" or something like that, it actually was their ISP who configured the VPN settings. That means of course that i have very limited (no) access to the other site's firewall and I actually even dont know make and model of it.
 
And last but not least, the subnet the Owner needs to access is on my clients Core Switch and the ASA has an internal route to it.I have pasted in a interresting parts of the ASA config here below, the displayed subnets are not the real ones . [code]

View 2 Replies View Related

Cisco Switching/Routing :: ASA 5525 - Configure Site-To-Site IPsec VPN To 3 Peers

Nov 21, 2012

I have an ASA 5525 and need to configure site to site ipsec vpn to 3 peers. I currently have an existing /28 public address from my ISP that is used by other services.Is there a way to use this existing ip range to configure IPSEC tunnels to 3 peers ?

View 10 Replies View Related

Cisco AAA/Identity/Nac :: Configure Radius Authentication Across Site-to-site VPN For ASA 5510-01 For Remote Access?

Jun 28, 2012

I am attempting to configure Radius authentication accross a site-to-site VPN for my ASA 5510-01 for remote access.
 
 ASA5510-1 currently has a live site to site to ASA5510-2.
 
ASA 5510-1 - 10.192.0.253
 
ASA 5510-2 - 172.16.102.1
 
DC - 172.16.102.10
 
ASA5510-01 can ping the DC and vica versa but is unable to authticate when i perform a test. ASA5510-01 can authenticate to a DC on it;s own LAN but not on the remote LAN that DC sits on.
 
I have double checked the 'Server Secret Key' and ports as well as various users which all work locallly. ASA5510-02 authenticates to DC with no problems.

View 3 Replies View Related

Security / Firewalls :: Cisco - Unable To Configure Site-to-site Vpn

Sep 14, 2012

I am configuring Site-to-Site VPN with another company. I already make a couple of tunnels but with this one I have a problem. They I already using on their side my local network 192.168.10.0/24 (server is 192.168.10.10) so we need to use imaginary network 172.16.0.5 as server address. Now I need to do NAT 172.16.0.5 to 192.168.10.10 but I am not so good in that.

View 1 Replies View Related

Cisco Routers :: Site-to-Site VPN - Configure It Between RV042 And 2911

Dec 29, 2012

Is there a way to set up a Site-to-site VPN between RV042 & Cisco 2911? I "googled" this and obtained a document, but it is not regarding Cisco 2911: [URL]
 
Routers are needed to setup it successfully. I have tried on both routers several configuration steps, no success...

View 3 Replies View Related

Cisco VPN :: 851 - Configure QOS For Voice Traffic Over Site-to-site VPN Tunnel

Jun 16, 2011

I want to configure QoS for voice traffic over a site-to-site VPN tunnel. I have a Cisco 851 router on the branch end and a Cisco 1800 router at the HQ. The setup is an Avaya Gateway located at the HQ and the idea is that the phones at the branch office are connected over the VPN tunnel to the gateway at the HQ.

I have a 1MB internet link at the HQ from a service provider and 256kbps internet link (from a different service provider) at the branch office. The branch office has just 3 users.

View 12 Replies View Related

Cisco WAN :: Site To Site Vpn Configure With 2 1941k9 Routers

Dec 26, 2010

We  having 2 nos 1941 routers we need configure site to site vpn on this  routers send the configurations . 1st side having server and 2nd  site we having 10 users. 2 side users wants to access trough vpn in that  server .any IOS required are defualt IOS is enof on 1941 k9 Router.

View 3 Replies View Related

Cisco VPN :: Configure A Site-to-Site VPN In ASA 5505 Firewall

Dec 13, 2010

I'm trying to configure a Site-to-Site VPN in a Cisco ASA 5505 firewall which is behind an ISP router (Cisco 800 Series) configured in routing mode (not bridging) and with a static nat of all the ports to the firewall (avoiding bridging mode of the router). [code]

View 12 Replies View Related

Cisco VPN :: ASA 5555-x - Configure Site-to-Site With GRE Tunnel

Jun 9, 2013

I have ASA 5555-x and configurated site to site vpn. Now that our side wants to receive multicast messages from the other side. In this case i know that i must  configurate gre tunnel  on router. because asa is not supported gre tunnel.  i have also router 2811. I know that  we need to add a cisco router behind the firewall in order to receive multicast messages.
 
configurate site to site vpn on asa and gre tunnel configuration on router.

View 6 Replies View Related

Cisco WAN :: ASA5510- Site-to-site Using DNS Name

May 31, 2011

I have some home office setups that have s2s VPNs which terminate on my netscreen SSG5.  I am moving off the SSG and onto an ASA5510 but not sure if or how I can make this work?  The end users do not have static IPs at this point.  I use dyn dns on their home routers to update their DHCP IPs from the providers.  If they can't get static IPs how can I specify the peer ID with a DNS name rather than IP address?

View 1 Replies View Related

Cisco VPN :: ASA5505 Configure Site To Site?

Jan 5, 2012

i am trying to configure a site to site VPN with one of my remote offices.
 
I have used the ADSM Wizard to go through the steps, and i have added the necessary access rules. However, when i try and do a packet tracei get the following error (ad-drop) Flow is denied by configured rule. (see screen shot below)

View 5 Replies View Related

Cisco VPN :: 5510 Site To Site VPN Access To Servers With Overlapped Remote Site

May 18, 2012

I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only  My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.

View 2 Replies View Related

Cisco VPN :: 5520 Requirement To Terminate Site-to-site VPN From Remote Site

Jun 17, 2012

We have ordered a pair of Cisco ASA5520 (ASA5520-BUN-K9).Now there is a requirement to terminate site-to-site VPN from remote site. Do we need VPN plus licence for this and how much it cost?

View 1 Replies View Related

Cisco VPN :: 877 / How To IPsec Site To Site Vpn Port Forwarding To Remote Site

Jun 13, 2012

The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
 
Below are my configure on the Cisco 877 in site A.  
 
Building configuration... 
Current configuration : 5425 bytes
!
! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01
!
version 12.4
no service pad

[code]....

View 1 Replies View Related

Cisco VPN :: 5505 - Site To Site Connected But Cannot Ping Remote Site

Oct 11, 2011

cisco products and am struggling getting a VPN going between an ASA 5505 and 5510.  I have a VPN created (using the VPN wizward on both) and it shows the VPN is up, but I can't ping the remote site (from either side).

View 11 Replies View Related

Cisco VPN :: ASA 5505 / Site To Site Vpn With One Site Always Initiate A Tunnel?

Feb 7, 2011

I have ASA 5505, i configured site to site vpn between central site and remote site and is working. Now the problem is we use remote site for troubleshooting purpose, so we need to create a tunnel from remote site to central site. I need to configure such a way that remote site can craete a tunnel to central site, but central site not able to create a tunnel, it just respond to remote site.

View 3 Replies View Related

Cisco VPN :: ASA 5505 Site To Site Connection / Remote Site?

Mar 6, 2011

i have 2 router asa 5505 with base license i wanna make site to site vpn connection and remote site using vpn client to connect first i have hdsl router with 5 public ip i wanna try it by giving 1 public ip to each router and try the vpn but nothing work?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved