Cisco VPN :: Setup ASA5505 Site To Site VPN?
Mar 20, 2013
I need to setup a site to site VPN. Site A has a 5505 running ASA v7.2(4), this has been in place for a few years and is also used regularly for client remote access. For site B I have a brand new 5505 running ASA 8.4(3). Is the ASA version mismatch an issue, or should I upgrade site A to the same version as site B? Assuming they should run the same version, which is the best choice to use? There is a choice of 9.0.2 under latest releases, then 9.1.1 ED, and 9.1.1(4) interim.
Jul 10, 2012
We have a scenario where the Cisco ASA 5505 will be one end of a site-to-site VPN. The same ASA 5505 also allows Client VPN connection. The question is around IP pooling. If I assign a pool of IPs (192.168.1.20 - 192.168.1.30) for Client VPN connections - do I need to be sure that those same IPs are not used on the other side of site-to-site VPN?
There could be PCs/servers running 192.168.1.0/24 on the other side of site-to-site VPN. Would this cause an address conflict?
Jun 28, 2011
I have a site-to-site VPN already established, everything is working as it should. I'm trying to block the remote network from accessing our network since we only need to access theirs. I'm sure this is something very easy to implement with an ACL but I'm not sure where this rule needs to go. The VPN is on ASA 5505.
Jul 10, 2012
I have 2 ASA5505s connected through a site-to-site using IKEv1 and IKEv2. Recently, I ran through the wizard to configure the AnyConnect software. [code] Now, my site-to-site connection will only come up using IKEv1. Is there a way to have both the Site-to-Site and the AnyConnect VPN connections use IKEv2?
May 3, 2011
I have one ASA 5505 that has classic remote access VPN set up and now I need to add a site-to-site tunnel on top of the existing configuration. Is that possible with the ASA 5505 and do I need some special IOS bundle for that? May I use the VPN wizard for that or do I need to go through the CLI since remote access VPN is set up using the wizard?
May 9, 2011
We set up a site-to-site VPN between a 5505 and a 5510 (both ASA 8.3.1). We configured both sides using the VPN Wizard in the ASDM. When we try to ping from the network behind the 5505 (192.168.45.0/24) to any host behind the 5510 (192.168.0.0/24) the tunnel gets established but the ping doesn't get through. After that we tried to connect via RDP to any host behind the 5510 and it worked well (same with ssh, telnet, vnc etc.). Now we want to map a network share on a 2008 Server behind the 5510 but it's not working. In the ASDM log I see some "denied by inside-access in" messages for the ports 139 and 445. Isn't it right that the whole traffic in the VPN tunnel bypasses the ACL? Even if we open both ports we can't connect to the network share?
Jun 3, 2012
I'm attempting to configure an for both site-to-site and remote access VPNs. The site-to-site is working fine, however when I connect using the Cisco client, after initial connection and password prompt I get a "not connected" status. The log states that a policy map match could not be found. I have successfully set the unit up for remote access with no site-to-site and ran into another host of issues when adding the site-to-site to the working remote access config, so I started over setting up site-to-site first. I've attempted this through ASDM (hate it) - the current configuration is via CLI. I'm certain I'm just missing a piece or two.
Oct 1, 2012
I just got it working so that I can make a VPN Site-to-Site IPSec. But if I try to send a ping from one PC (network 1) to the other PC (network 2) it fails.
PC (Network 1) <ASA5505> Switch <ASA5510> PC (Network 2)
Between the two ASAs I have a functional VPN IPSec tunnel, but I can't get access from one network to the other.
These are the access lists on the ASA5505:
asa5505#
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
alert-interval 300
access-list Inside_ICMP; 4 elements
[Code].....
Feb 8, 2011
I have a client that wants to establish a S2S VPN across the Internet. His Canada site (using an ASA5510) has a traditional fibre Internet service. However, the Chilean side (using an ASA5505) is using a PPPoE Internet service. The Chilean IP is dedicated, but the host IP they've received is the same as the default gateway (odd). Anyway, given that it's a PPPoE Internet connection with authentication required, is it even possible to establish a S2S VPN? I guess I'm thinking that if the Canada side tries to initiate to the Chilean side without anyone on their end to initiate the traffic first (and therefore authenticate in the process), will this even work?
May 22, 2012
I've spent 2 days already trying to get 2 ASA 5505s to connect using an IPSec VPN tunnel. I cannot seem to figure out what I'm doing wrong. I'm using 192.168.97.0 and 192.168.100.0 as my internal networks that I'm trying to connect over a directly connected link on the outside interfaces with 50.1.1.1 and 50.1.1.2 as the addresses (all /24). I also tried with and currently without NAT enabled. Here are the configs for both ASAs; the VPN config was done by the ASDM, however I have also tried the command line approach with no success. I have followed various guides to the letter online, starting from an empty config and from factory default. I have also tried the 8.4 IOS. [code]
Aug 9, 2011
The IPSec tunnels do not form and I notice the error: 3 Aug 09 2011 05:13:26 IP = 39.188.41.188, Error processing payload: Payload ID: 1. Reading up on this it looks like it might be an IKE problem but I'm struggling to find the cause (the new 8.4 commands not useful).
The setup is as follows:-
Head Office
PIX515e v6.3(4)
LAN IP 10.0.160.254/24
Branch Office
ASA5505 v8.4(1)
LAN IP 192.168.47.254/24
Oct 6, 2012
I have configured Site to site and the VPN tunnel is up. But the ACLs are not working.
May 13, 2012
I have a couple of ASAs 5505 (HQ & Branch) running version 8.2(4). They are configured with a Site-to-Site VPN over a single WAN link: [code]
I want to enable sla monitor on one of the devices in order to know the real status of my unique link because the interfaces sometimes don't go down, so I don't have any real statistic of failures.
All the information is related to dual ISP links failover. Is there any extra consideration for my single link scenario? I already have a static route "route outside 0.0.0.0 0.0.0.0 192.168.0.1 1" so I think I have to overwrite it with something like this: "route outside 0.0.0.0 0.0.0.0 192.168.0.1 1 track 1". Is this correct? If so, when I overwrite it, will the S2S VPN go down and will it go up automatically?
Apr 12, 2013
I am normally a software developer, however with recent staff changes at my company I am now the sole IT person. We have two sites: A and B, and we need to make a site to site.
I have access only to Site A; this one contains an ADSL modem/router (D-Link DSL-2640U), and an ASA5505 behind the modem. We have a public fixed IP address configured on the modem. All the information that I have to configure the VPN is:
Public IP of site_B
The encryption algorithm 3DES-MD5
Shared secret
The site_B subnetwork to be reached using the VPN
And I need to get this VPN up, and there must be no NATing for packets going through the VPN (for maintenance issues).
The D-Link modem is configured to get the public IP from my ISP, and I set on it a DMZ to the ASA5505 (192.168.1.254). Until now, I followed the site-to-site assistant using the ASDM. [code]
Sep 18, 2012
We have 2 ASAs that connect to a 2811, but for some reason, the 2nd ASA won't connect anymore. Debugging ipsec or isakmp on the 2811 doesn't come up with any messages.
External IPs still correct, and the sites can ping each other.
Only debug on ASA for crypto isakmp comes up with messages (ipsec doesn't give any messages).
ASDM says:
Removing peer from peer table failed, no match!
Error: Unable to remove PeerTblEntry
I found some info on the above error messages, but those links weren't quite useful.
Below is from the debug on the ASA:
Sep 18 22:06:09 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 18 22:06:09 [IKEv1]: IP = 64.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 18 22:06:10 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 18 22:06:10 [IKEv1]: IP = 64.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 18 22:06:13 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 18 22:06:13 [IKEv1]: IP = 64.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 18 22:06:16 [IKEv1]: IP = 64.X.X.X, IKE_DECODE RESENDING Message [code]...
Nov 14, 2011
I have 2 ASA 5505 firewalls, with Site 2 Site VPN working between the two firewalls. I attached a Visio diagram for my scenario. I configured IPsec Remote VPN in the ASA-01 firewall, and a user is able to connect to the ASA-01 network via modem through remote VPN. As I configured site 2 site VPN between the two ASAs, is it possible that through remote VPN a user can connect to ASA-02?
Apr 11, 2012
Is the Cisco ASA 5505 compatible for site-to-site VPN with any of the following devices?
Airlive: RS-1200 Security gateway
Fortinet: Fortigate-60C (FG-60C-BDL)
Feb 6, 2012
We are going to deploy a site to site VPN using two ASA5505. The network I'm going to traverse has a max MTU of 1320. I determined this by experimenting with pings of different sizes. How should I configure MTU on my ASAs? I'm thinking of using these two commands but I don't know if there are any implications to this...
ip mtu outside 1320
ip mtu inside 1280
Apr 3, 2012
I'd need to set up site-to-site VPN using ASA 5505 and software 8.2. LAN1 is 10.1.0.0/24, LAN2 is 10.2.0.0/24. The particular thing among the others I've ever set up is that I have to show up to LAN1 as 172.16.1.0/24, and not as 10.1.0.0/24. I have 10.1.0.0/24 as NAT exempt rule, in order to make packets travel the ipsec tunnel, but how can I set up a NAT rule in order to modify LAN2 address and show up to LAN1 as 172.16.1.x instead of 10.2.0.x?
Sep 25, 2012
Today I'm running with an ASA 5510 at the HQ and an ASA 5505 at my home address with a site-2-site VPN connection.
I'm only using the 5505 to hold this site-2-site VPN so it's a bit overkill. I would like a router at my home with a built-in access point, but it needs to support site-2-site VPN with the ASA 5510 at the HQ.
Are you aware of any Linksys routers that can hold this VPN connection, or is it only "real" Cisco routers/firewalls where this is possible?
Sep 20, 2012
I have a site to site VPN. Every few days my site stops transmitting data to the remote site but I do receive data from the remote site. The only way to fix it is to rebuild the tunnel. I don't have any idle time set for the VPN, so not sure why the tunnel keeps going down. I have an ASA 5505 running 7.2 (3) IOS.
Jan 5, 2012
I am trying to configure a site to site VPN with one of my remote offices.
I have used the ASDM Wizard to go through the steps, and I have added the necessary access rules. However, when I try and do a packet trace I get the following error: (ad-drop) Flow is denied by configured rule. (see screen shot below)
Aug 8, 2011
I'm drawing a blank trying to set up a site to site connection with a 5505 ASA using ipsec and isakmp. I have the pre-shared key as well as the external address of the other end of the tunnel but do not remember what the commands are to set up the crypto map and isakmp.
Sep 20, 2011
Any step by step guide to set up syslog for site to site VPN (in ASA 5520)? Just send me the steps to monitor site to site VPN using that in ASA 5520.
Nov 13, 2012
I have a 5505 asa code version 8.3(2). Trying to set up a site to site tunnel with someone and he is asking if I can use ike v2. How do I go about setting up the tunnel to use ikev2? Is ikev2 an option with site to site tunnels?
May 19, 2011
I have to set up a site to site VPN using an ASA 5505 and Juniper. I have been informed to inject the VPN with a particular IP.
Following are the ASA 5505 details:
Internal NAT: 192.168.101.0/24
Configs to implement this site to site VPN:
access-list limenat extended permit ip 192.168.101.0 255.255.255.0 10.22.53.128 255.255.255.192
access-list limep2p extended permit ip 10.22.153.128 255.255.255.240 10.22.53.128 255.255.255.192
access-list allow-any extended permit ip any any
Feb 8, 2011
How can I set up a Cisco 831 router (branch location) so that it will accept inbound VPN Client connections and initiate a site-to-site IPSec tunnel to our hub location that uses a VPN 3005 Concentrator? I could get the tunnel to work by configuring it in a dynamic crypto map but interesting traffic on the Cisco 831 side would not bring the tunnel up.
Jan 10, 2012
I have been asked to set up a site to site VPN link between two 877-w routers. Not yet had a chance to look at the actual pieces of hardware as they are overseas.
Dec 17, 2012
In a site-to-site VPN environment, can I accomplish the setup using one ASA5505 on one end and one 1811 router on the other end or do I need to have two ASA 5505 or two 1811 routers? In other words, can I mix and match the devices and still accomplish a site-to-site VPN setup or do I have to have the same devices on both ends?
Jun 6, 2011
I am trying to set up HQ to 2 remote office VPN connections; all have Cisco 877 ADSL routers. So far, to test, I tried to set up a site to site VPN between HQ and remote 1.
I setup 2 routers with the following settings:
Router 1:
!
!
ip ssh port 3536 rotary 1
ip ssh version 2
!
!
crypto isakmp policy 1
[code]....
May 2, 2011
I am trying to set up 2 Cisco RV 120W routers for a site to site VPN.
May 26, 2011
I've been struggling to get a site-to-site VPN going as I am new to Cisco firewalls (but not firewalls in general). Before going too deep in the config, is it possible to restore a backup config from one ASA to another ASA and simply modify some settings? Or is a backup config unique to a device and that might mess up my site-to-site VPN config?
May 18, 2012
I have a requirement to create a site to site VPN tunnel on ASA 5510 from a remote site to my HO. I already have other site-to-site tunnels up and running on the ASA. The issue is my remote site has got the network address which falls in one of the subnets used in HO (192.168.10.0/24). My requirement is only that my remote site needs to access a couple of my servers in HO which are in the 192.168.200.0/24 subnet.