Solved

Setup a VPN between to ASA5510 units

Posted on 2007-11-29
4
260 Views
Last Modified: 2010-07-27
I am trying to setup a permanent link with a VPN using 2-Cisco ASA55100 units. One at each location. I have the one at location A setup and the VPN connection works using the client software on a computer. I am trying to setup the firewall at location B to connect to Location A and stay connected at all times. Can anyone help me get started?

Thanks,
0
Comment
Question by:Wyandotte
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 500 total points
ID: 20376052
it will never stay connect "always" unless there is atleast some traffic going thru the tunnel on a regular basis; otherwise the connection times out and the tunnel is ripped down.

to setup a L2L vpn, you need the following
1) add acls; one acl to identify the traffic going thru the tunnel, one acl with same entries but added to the nat 0 acl
2) create the crypto transform set, and isakmp policy
3) create the crypto map, match address, set peer, etc.
4) create tunnel-group for peer and set ipsec-attribute pre-shared-key

do that on both with the peer being the other asa and acls just in reverse (so the src and dst subnets are correct for the corresponding asa), then ping a host on a subnet from the other subnet location and it should come up.

if you need specifics let me know, however I'd need you to post the following info, acls, crypto, isakmp, tunnel-group and group-policy information
0
 

Author Comment

by:Wyandotte
ID: 20377101
All email and internet access will be going from the remote location, through the VPN through our exchange and surf control here. Will this be the way that I want to set it up for that?
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 20377349
same way, just make your acls to be "any any" instead of specifying subnets then.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 20386126
actually scratch that.  it should work, but should probably use the recommended method

set it up so the remote firewall's acl is <<local net>> to any and the hq firewall is any to <<remote net>>

the reason for this is that the acls at each firewall should be exact mirrors of one another
0

Featured Post

Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ACL not working 11 63
IPAD vpn connection 3 27
HP Storage and Cisco Nexus 4 64
What is the best use case for EVPN added to an existing spine/leaf architecture? 3 36
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question