Cisco VPN :: RV042 / ASA 5510 - Site To Site VPN Configuration
Mar 7, 2013
I configured every thing in both site, there is a connection between my sites BUT I can't access my resources from Site B with it has RV042. It also shows that it connected to my ASA in Site A but there is no traffic between sites !!! I don't know what should I do now ?
View 2 Replies
ADVERTISEMENT
Apr 23, 2013
I have got two CISCO RV042 .I need to configure a site to site VPN .
View 1 Replies
View Related
Sep 12, 2011
I configurated Ipsec vpn at asa 5510. my inside ip 192.168.10.156my public ip: 85.x.x.xmy peer ip : 62.x.x.x
the project is that:
the remote site want the interesting traffic like that:
source ip 172.16.1.104 can access destination ip 10.0.154.27
My inside ip is 192.168.10.0/0 and i can not to change it 172.16.1.0/24 and i can not to add this ip at my network.
View 3 Replies
View Related
Mar 9, 2011
I am try to configure ASA 5510 with 8.3 IOS version.My internal users are 192.168.2.0/24 and i configured dynamic PAT and are all internet .
i want configure identity NAT for remote access VPN.Remote users IP pool is 10.10.10.0 to 10.10.10.10
i know to configure NAT exemption in IOS 7.2 version. But here IOS 8.3 version. configure NAT exemption for 192.168.2.0/24 to my remote pool( 10.10.10.0 to 10.10.10.10).
View 6 Replies
View Related
Apr 18, 2013
I am not very experienced with Cisco networking.
Here is the situation.
Site A - headquarters 192.168.1.x
Site B - remote office 192.168.20.x
Site C - remote office 192.168.30.x
Site A - ASA 5510
Site B - ASA 5505
Site C - ASA 5505
Site-to-site VPN is established and works between A and B, A and C. Users would like to establish a tunnel between B and C to work on a common project and the data is on Site B.
I tried configuring the S2S VPN with pre-shared keys on both firewalls at sites B and C but in the end it is not established (I cannot ping either side). I used the Wizard interface multiple times and one time the CLI. I generally followed the settings chosen between the headquarter and the individual remote sites and tried to replicate them. Obviously I have made a mistake somewhere.
Could there be any limitation on the ASA 5505 in terms of licensing and the number of S2S tunnels?
View 7 Replies
View Related
May 18, 2012
I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.
View 2 Replies
View Related
Dec 29, 2012
Is there a way to set up a Site-to-site VPN between RV042 & Cisco 2911? I "googled" this and obtained a document, but it is not regarding Cisco 2911: [URL]
Routers are needed to setup it successfully. I have tried on both routers several configuration steps, no success...
View 3 Replies
View Related
Mar 25, 2013
I have no problem configuring both devices to successfully connect when the juniper firewall isn't in the picture. But due to policy; the RV042 at our main site must sit behind the firewall.
I've got the port forwarding setup but I'm not able to connect. I know I"m missing some configuration on the RV042 but I can't think of it! I've attached a GIF to give an example of both setups.
View 3 Replies
View Related
May 7, 2012
I am trying to set up a Site to Site between two RV042 with static IP at both routers.at the log at site 1 i get: packet from XX.XXX.XX.167:5: initial Main Mode message received on 10.2.32.1:500 but no connection has been authorized with policy=PSK.At site 2 i get: packet from xxx.xxx.xxx.146:500: initial Main Mode message received on 192.168.1.1:500 but no connection has been authorized with policy=PSK.I have tuned off the firewall and added a Port forwarding to the router ip and port 500.Tried with different autentication methods, but get the same message.
View 1 Replies
View Related
Jul 6, 2012
how to configure a site-to-site VPN between RV042 router and 1941 router?
View 0 Replies
View Related
Sep 3, 2012
I'm trying to establish a site to site VPN using ipsec between an RV220W in the UK and an RV042 in Italy to no avail.The RV042 tells me it's "waiting for a connection" and it gives 0.0.0.0 as the remote address (i'm using Dynamic addressing at both ends). I can ping the remote address with a response.The basic parameters I'm using is 3DES with SHA1, but the RV042 offers an option for Perfect Forward Secrecy which the RV220W does not (I've tried toggling this) and the RV220W offers and Extended Authentication mode which I can't see on the RV042.
View 2 Replies
View Related
Nov 28, 2012
I recently bought two RV042s to create a site to site VPN for a client. I have several of these setups installed at other locations but this is the first version 3 hardware I've used.It seems like the dynamic IP functionality of the VPN setup may not be working correctly. I've verified all settings on each router match and have deleted/recreated the setup several times just to make sure. Here's the logs from the router with a static IP.
Nov 29 06:49:51 2012 VPN Log (g2gips0): deleting connection
Nov 29 06:49:51 2012 VPN Log added connection description (g2gips0)
Nov 29 06:49:51 2012 VPN Log listening for IKE messages
Nov 29 06:49:51 2012 VPN Log forgetting secrets
Nov 29 06:49:51 2012 VPN Log loading secrets from '/etc/ipsec.d/ipsec.secrets'
Nov 29 06:49:51 2012 VPN Log (g2gips0): cannot initiate connection without knowing peer IP address
Nov 29 06:49:51 2012 VPN Log (g2gips0): cannot initiate connection without knowing peer IP address
I've tried both dynamic IP + email and dynamic IP + FQDN to authenticate the router using the dynamic IP and both give the same error as above.I did a firmware update hoping to fix PPPoE which seemed to be broken with a Netopia modem in bridge mode so both routers are on the latest firmware, v4.2.1.02.
View 18 Replies
View Related
Oct 15, 2012
May I know can the 2 models WRVS4400N and RV042 perform site-to-site vpn with each other?
View 1 Replies
View Related
Jan 24, 2013
I have an RV042 connected to another RV042 via site-to-site VPN. The tunnel has been solid for months, but when I did an actual read/write test between PCs at either endpoint, the speeds were quite slow.
Endpoint A has a line speed of 25/5.
Endpoint B has a line speed of 50/7-ish.
Read/write test from A to B was about ~3 write and ~7 read. Does this sound normal for these routers? I was hoping for better performance than that.
View 1 Replies
View Related
Nov 8, 2012
My problem is VPN Site2Site between Cisco and Linksys routers: after a troubles vpn tunnel now seems up but no data is passed accross tunnel.This is configuration of Linksys RV042 (Firmware Version: 1.3.12.6-tm, seems last for this hardware [code]
View 1 Replies
View Related
Mar 6, 2013
Our Headquarter (asa 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accesing the internet through the VPN and also accesing headquarter file servers.I want to know if there is a way for some remote users to be able to use the vpn for accesing the file servers but to access the internet through the branch office. The rest of the remote users will be still accessing the internet through VPN.
View 2 Replies
View Related
Apr 22, 2012
I've setup a site to site vpn on an ASA 5510 using ASDM (as I have many times before) and the tunnel appears to be up but I am not able to pass traffic. When I run the packet tracer from my inside network to the remote destination network, it shows that it is blocked by the implicit deny ip any any rule on my inside incoming access list.
View 5 Replies
View Related
Jul 15, 2012
we have two ASA 5510s one in 8.4(4) and one in 8.2(5) in a site-to-site VPN setup. All internal traffic is working smoothly.Site/Subnet A: 192.160.0.0 - local (8.4(4)) Site/Subnet B: 192.260.0.0 - remote (8.2(5)) VPN Users: 192.160.40.0 - assigned by ASA When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.
Site B however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc... is not reachable by ping or otherwise.There are also some weird NAT rules that I am not happy with that were created after I upgraded Site A ASA to 8.4
Site A internal: 192.160.x.x External: 55.55.555.201(main)/202(mail)
Site B (over site-to-site) is 192.260.x.x External: 66.66.666.54(all)
I pretty much just have the basic NAT rules for VPN, Email, Internet and the site-to-site.What do I need to add for the VPN to be able to access the site-to-site network?
Here is my NAT config:
nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static VPN_Network VPN_Network no-proxy-arp route-lookup
nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static DOMAIN_REMOTE DOMAIN_REMOTE no-proxy-arp route-lookup
!
object network DMZ_Network
nat (DMZ,Outside) dynamic interface
object network DOMAIN_LOCAL
[code]....
View 3 Replies
View Related
Jul 21, 2011
I setup RA-VPN under local asa 5510 IP pool (192.168.127.0/24) and all was working fine. I got internet and local network access.
Then i have 5 site to site VPN working fine but when im traying to access to those L2L VPNs from the remote acces client im not able to do that. So after that i decided to obtain IP addresses from my DHCP server so i can obtain IPs from my local network (172.17.16.0/16) and then access normally to the VPN site to site. But the surprise was that the VPN cisco client is getting local IP address (172.17.16.222) perfectly but im not able to access even to my local network.
I have the same-security-traffic permit inter-interface same-security-traffic permit intra-interface enable.
View 6 Replies
View Related
Apr 16, 2011
I have a ASA 5510 actve/standby and create one site to site VPN with remote peer ip address xx.xx.xx.xx, Our VPN traffic running on 6 mb internet link for video conferancing traffic.Now client give another link 2 mb internet and client told to us our data traffic runnig on 2 mb link but this data traffic running on the same remote peer IP xx.xx.xx.xx.
Secondly request also they need failover over the ISP link.
how we immplement the same on ASA 5510.
View 0 Replies
View Related
Oct 10, 2012
I have a ASA 5510 at our corporate HQ that has one site to site VPN. I need to add 6 additional site to site VPN's to this ASA for our remote branches. How can I add them without affecting the existing site to site VPN? The 6 site to site VPN's will all have the same settings however these settings are different from the existing site to site that I already have set up. How can I set it up so the 6 additional VPN's use their own crypto map and all use the same settings?
View 1 Replies
View Related
May 28, 2012
I have a ASA 5510 that has multiple site to site VPNs. I need to create an additiona site to site VPN but only allow 1 host to access and traverse the tunnel. The network is on a 192.168.5.x but the host that will need to access this tunnel needs to be on a 172.16.33.x network. I dont want any other traffic allowed to access or traverse the VPN tunnel for this host. How can I set this up?
View 33 Replies
View Related
Apr 30, 2013
I have an ASA 5510 8.2(5) in Site1 and a ASA 5505 8.2(1) Site2 they are setup with a site to site tunnel.Each site has VPN clients that connect and I would like to allow clients from both sides access to servers on the other side of the site-to-site tunnel.
I enabled same-security-traffic permit intra-interface I also added the remote networks to access-list that is doing the split tunneling. [code]
View 33 Replies
View Related
Feb 14, 2011
I have a cisco ASA 5510 at the branch here. It terminates about 8 vpn tunnels and also it supports remote access clients. I just have a quick question. Can my remote sub-net group access the other remote access site-site VPN subnet group. If yes then how should i configure it.
View 6 Replies
View Related
Sep 30, 2012
I have a dynamic VPN site to site between ASA 5510 vs C880 with segment 172.23.191.0/25 for ASA side and some host in C880 side (e.g. 128.1.100.211, 128.1.115.181, 128.1.104.212) . The VPN is up, but only have communication with a host (128.1.115.181).
In the logs appears the next message when I try communication for all aother IP in the policy map configuration: IKE Initioator unable to find policy: Intf Inside, Src: 172.23.191.87, Dst: 128.1.115.182..ONLY WHEN I PINGING FROM SOME HOST IN C880 SIDE (e.g. 128.1.100.211) the communication is successfull.
What happen with this VPN, because I need to pinging from C880 IP host to ASA segment for establish communication?
View 7 Replies
View Related
May 26, 2011
I'm trying to figure out how to get two 5510 ASA's to establish a Site-to-Site VPN.The version with two static IP's is working perfectly and stable but I haven't figured out how to get a VPN running between a static and a dynamic IP
View 12 Replies
View Related
Jun 28, 2012
I am attempting to configure Radius authentication accross a site-to-site VPN for my ASA 5510-01 for remote access.
ASA5510-1 currently has a live site to site to ASA5510-2.
ASA 5510-1 - 10.192.0.253
ASA 5510-2 - 172.16.102.1
DC - 172.16.102.10
ASA5510-01 can ping the DC and vica versa but is unable to authticate when i perform a test. ASA5510-01 can authenticate to a DC on it;s own LAN but not on the remote LAN that DC sits on.
I have double checked the 'Server Secret Key' and ports as well as various users which all work locallly. ASA5510-02 authenticates to DC with no problems.
View 3 Replies
View Related
Sep 17, 2012
I'm setting up a Site-to-Site Cisco VPN between ASAs. I'm being told by the remote site engineer to set the maximum MTU at 1362. Is it possible to set the MTU for one specific site-to-site VPN on my ASA 5510 Security Plus to MTU 1362? I see my interfeces are all set at 1500. If not, would you recommend I setup a subinterface on my inside network router and a subinterface on the ASA with an MTU of 1362 to get around this issue? Then use this subinterface for traffic from my inside network to transverse through prior to hitting the VPN.
View 1 Replies
View Related
Oct 3, 2012
Site A has an ASA 5510 and a single internet connection.Site B has two internet connections (primary and backup). If Site B also has an ASA, I can configure Site A's ASA to deal with a failover at Site B (set peer 1.1.1.1 2.2.2.2). Does this work if Site B has an IOS router instead of an ASA? In other words will "set peer 1.1.1.1 2.2.2.2" on the ASA work when it's talking to IOS on the other end?
View 15 Replies
View Related
Jan 29, 2011
I have a site to site tunnel (bidirectional) configured between two ASA 5510's (head office and remote office) running 8.2.2. I'm trying to upgrade one end (head office) of the tunnel to 8.3.2 but when I do that, traffic from the remote office to the head office isn't transported. Traffic from the head office to the remote office is still fine (remote desktop sessions, etc).
A quick comparison of the 8.2.2 config and the 8.3.2 config on the head office ASA look identical in terms of the crypto/site-to-site commands.Is there any Cisco guide created yet for creating site/site tunnels under 8.3.2? I'm able to upgrade both ASA at the same time if that's determined to be a prerequisite.
View 2 Replies
View Related
Dec 12, 2011
We have a Cisco ASA 5510 at our main office that makes connection with a 5505 at our other office using site to site VPN. (works)
Now for the question,
we want to access our other office from the main office but we wont want them to have access to our servers etc. so basically we want to control them but they shouldn't have the rights to control us.
Is this possible with a site to site VPN? and how to do it.
View 7 Replies
View Related
Jul 12, 2012
Our HQ office has an ASA 5510 with full access to internal and external IP's. We have a small group of remote users that are working from a shared office suite and they only have Internet access by way of internal default gateway. Using a VPN client is not desirable due to many other devices requiring access to HQ. Is there a way to create a site-to-site VPN from this remote office space back to HQ (ASA 5510) if they have no access to the public IP address on their end?
View 2 Replies
View Related
Nov 29, 2011
I was traying to make a site to site VPN between a cisco 1800 router and cisco asa 5510. But it was impossible to get it. [code]
View 1 Replies
View Related