Solved

Setup a VPN between to ASA5510 units

Posted on 2007-11-29
4
254 Views
Last Modified: 2010-07-27
I am trying to setup a permanent link with a VPN using 2-Cisco ASA55100 units. One at each location. I have the one at location A setup and the VPN connection works using the client software on a computer. I am trying to setup the firewall at location B to connect to Location A and stay connected at all times. Can anyone help me get started?

Thanks,
0
Comment
Question by:Wyandotte
  • 3
4 Comments
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 500 total points
ID: 20376052
it will never stay connect "always" unless there is atleast some traffic going thru the tunnel on a regular basis; otherwise the connection times out and the tunnel is ripped down.

to setup a L2L vpn, you need the following
1) add acls; one acl to identify the traffic going thru the tunnel, one acl with same entries but added to the nat 0 acl
2) create the crypto transform set, and isakmp policy
3) create the crypto map, match address, set peer, etc.
4) create tunnel-group for peer and set ipsec-attribute pre-shared-key

do that on both with the peer being the other asa and acls just in reverse (so the src and dst subnets are correct for the corresponding asa), then ping a host on a subnet from the other subnet location and it should come up.

if you need specifics let me know, however I'd need you to post the following info, acls, crypto, isakmp, tunnel-group and group-policy information
0
 

Author Comment

by:Wyandotte
ID: 20377101
All email and internet access will be going from the remote location, through the VPN through our exchange and surf control here. Will this be the way that I want to set it up for that?
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 20377349
same way, just make your acls to be "any any" instead of specifying subnets then.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 20386126
actually scratch that.  it should work, but should probably use the recommended method

set it up so the remote firewall's acl is <<local net>> to any and the hq firewall is any to <<remote net>>

the reason for this is that the acls at each firewall should be exact mirrors of one another
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now