Solved

Set up a VPN between two ASA5510 units

Posted on 2007-11-29
4
261 Views
Last Modified: 2010-07-27
I am trying to set up a permanent link with a VPN using two Cisco ASA5510 units, one at each location. I have the one at location A set up and the VPN connection works using the client software on a computer. I am trying to set up the firewall at location B to connect to location A and stay connected at all times. Can anyone help me get started?

Thanks,
Question by:Wyandotte
4 Comments
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 500 total points
ID: 20376052
It will never stay connected "always" unless there is at least some traffic going through the tunnel on a regular basis; otherwise the connection times out and the tunnel is ripped down.

To set up an L2L VPN, you need the following:
1) Add ACLs: one ACL to identify the traffic going through the tunnel, and one ACL with the same entries added as the nat 0 ACL.
2) Create the crypto transform set and the isakmp policy.
3) Create the crypto map: match address, set peer, etc.
4) Create the tunnel-group for the peer and set the ipsec-attribute pre-shared-key.

Do that on both, with the peer being the other ASA and the ACLs just in reverse (so the src and dst subnets are correct for the corresponding ASA), then ping a host on a subnet from the other subnet location and it should come up.

If you need specifics let me know; however, I'd need you to post the following info: ACLs, crypto, isakmp, tunnel-group and group-policy information.
 

Author Comment

by:Wyandotte
ID: 20377101
All email and internet access will be going from the remote location, through the VPN, through our Exchange and Surf Control here. Will this be the way that I want to set it up for that?
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 20377349
Same way, just make your ACLs "any any" instead of specifying subnets then.
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 20386126
Actually, scratch that. It should work, but you should probably use the recommended method.

Set it up so the remote firewall's ACL is <<local net>> to any and the HQ firewall's ACL is any to <<remote net>>.

The reason for this is that the ACLs at each firewall should be exact mirrors of one another.
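The configuration below is an added worked example, not part of the original thread or of any poster's configuration. It walks through the four steps of the accepted solution (ACLs and nat 0 exemption, isakmp policy and transform set, crypto map, tunnel-group with pre-shared key) and applies the later refinement that the remote ASA's crypto ACL is "local net to any" while the HQ ASA's is "any to remote net", since the asker wants the remote site's mail and web traffic to ride the tunnel and exit through HQ. All addresses (RFC 5737 documentation ranges for the outside peers, 10.1.1.0/24 and 10.2.2.0/24 for the LANs), object names, the ISP gateway and the pre-shared key are assumptions for illustration. The syntax is the ASA 7.x/8.0 style current when the question was asked; NAT syntax changed in 8.3 and the isakmp keywords became ikev1 in 8.4, but the design is the same. It also assumes HQ already PATs its own inside LAN to the outside interface and that the default `sysopt connection permit-vpn` is in place so decrypted tunnel traffic is not blocked by the outside interface ACL.

```cisco
! ===== Site A: HQ ASA 5510 (outside 192.0.2.1, inside 10.1.1.0/24) =====
! All addresses, names and the pre-shared key here are assumptions.
!
! 1) ACLs. Crypto ACL is "any -> remote net": the remote site sends ALL of
!    its traffic (including Internet) through HQ, so "any" is the mirror of
!    the remote side's "local net -> any".
access-list L2L_TO_SITEB extended permit ip any 10.2.2.0 255.255.255.0
! NAT exemption for HQ inside hosts talking to the remote LAN.
access-list NO_NAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NO_NAT
!
! Remote hosts reach the Internet via HQ: their traffic enters and leaves the
! same (outside) interface, so hairpinning must be allowed and the remote LAN
! must be PATed to the outside address on the way out.
same-security-traffic permit intra-interface
nat (outside) 1 10.2.2.0 255.255.255.0
global (outside) 1 interface
!
! 2) Phase 1 (ISAKMP) policy and Phase 2 transform set.
!    AES-256 / SHA-1 / DH group 5 rather than the weaker 3DES / MD5 / group 2
!    commonly used at the time.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! 3) Crypto map: interesting traffic, peer, transform set; bound to outside.
crypto map OUTSIDE_MAP 10 match address L2L_TO_SITEB
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
!
! 4) Tunnel group named by the peer IP, carrying the pre-shared key.
!    isakmp keepalive (DPD) lets a dead peer be detected and the tunnel
!    re-formed; it does not replace the need for traffic to keep it up.
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key Lo0ngRandomSecret-ChangeMe-9f3a1c
 isakmp keepalive threshold 10 retry 2

! ===== Site B: remote ASA 5510 (outside 198.51.100.1, inside 10.2.2.0/24) =====
! Mirror image of HQ: crypto ACL is "local net -> any", peer is the HQ address.
access-list L2L_TO_HQ extended permit ip 10.2.2.0 255.255.255.0 any
! Everything from the remote LAN goes into the tunnel, so exempt all of it
! from NAT (there is no local Internet breakout at this site).
access-list NO_NAT extended permit ip 10.2.2.0 255.255.255.0 any
nat (inside) 0 access-list NO_NAT
! Default route to the ISP so the HQ peer is reachable (gateway is assumed).
route outside 0.0.0.0 0.0.0.0 198.51.100.254 1
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address L2L_TO_HQ
crypto map OUTSIDE_MAP 10 set peer 192.0.2.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 pre-shared-key Lo0ngRandomSecret-ChangeMe-9f3a1c
 isakmp keepalive threshold 10 retry 2

! ===== Bring it up and verify =====
! The tunnel is built on demand, so generate interesting traffic first,
! e.g. from a Site B host ping a server behind HQ (10.1.1.10 is assumed), then:
!   show crypto isakmp sa    -> Phase 1 state should read MM_ACTIVE
!   show crypto ipsec sa     -> #pkts encaps / #pkts decaps should increment
!   show vpn-sessiondb l2l   -> one active session to the peer
```

Two things to check when adapting this: the pre-shared key must be identical on both units and should be long and random, because anyone who obtains it can impersonate a peer; and because the HQ crypto ACL uses "any" as its source, it must stay the only L2L entry on that crypto map, or any later spoke must be given a lower sequence number with a more specific ACL so its traffic is not swallowed by this entry.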
