Set up a VPN between two ASA5510 units

I am trying to set up a permanent link with a VPN using two Cisco ASA5510 units, one at each location. I have the one at location A set up, and the VPN connection works using the client software on a computer. I am trying to set up the firewall at location B to connect to location A and stay connected at all times. Can anyone help me get started?

Thanks,
Asked: Wyandotte
1 Solution
 
Cyclops3590 Commented:
It will never stay connected "always" unless there is at least some traffic going through the tunnel on a regular basis; otherwise the connection times out and the tunnel is ripped down.

To set up an L2L VPN, you need the following:
1) add ACLs: one ACL to identify the traffic going through the tunnel, and one ACL with the same entries added as the nat 0 ACL
2) create the crypto transform set and ISAKMP policy
3) create the crypto map: match address, set peer, etc.
4) create a tunnel-group for the peer and set the ipsec-attributes pre-shared-key

Do that on both, with the peer being the other ASA and the ACLs just in reverse (so the src and dst subnets are correct for the corresponding ASA), then ping a host on a subnet from the other subnet's location and it should come up.

If you need specifics, let me know; however, I'd need you to post the following info: ACLs, crypto, ISAKMP, tunnel-group and group-policy information.
 
Wyandotte (Author) Commented:
All email and internet access will be going from the remote location, through the VPN, through our Exchange and SurfControl here. Will this be the way that I want to set it up for that?
 
Cyclops3590 Commented:
Same way, just make your ACLs "any any" instead of specifying subnets then.
 
Cyclops3590 Commented:
Actually, scratch that. It should work, but you should probably use the recommended method.

Set it up so the remote firewall's ACL is <<local net>> to any and the HQ firewall's is any to <<remote net>>.

The reason for this is that the ACLs at each firewall should be exact mirrors of one another.
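A worked configuration for the four steps listed above, using the ACL shape from the last comment (remote side: local net to any; HQ side: any to remote net) so that the two crypto ACLs mirror each other. This is an added example, not configuration posted in the thread. The interface names, the addresses (RFC 5737 documentation ranges: HQ outside 203.0.113.10 with inside 10.1.0.0/24, remote outside 198.51.100.20 with inside 10.2.0.0/24), the ACL, transform-set and crypto-map names, the cipher choices and the pre-shared-key placeholder are all assumptions; the NAT exemption uses the pre-8.3 `nat 0 access-list` form the comment refers to.

```cisco
! ===================== HQ ASA (location A) =====================
! Step 1: crypto ACL ("any" to remote net) and matching NAT-0 exemption ACL.
! Names and addresses are assumptions for this example.
access-list L2L_TO_B extended permit ip any 10.2.0.0 255.255.255.0
access-list NONAT    extended permit ip any 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Step 2: IPsec transform set and ISAKMP (IKEv1) policy.
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp enable outside

! Step 3: crypto map bound to the outside interface, peer = remote ASA.
crypto map OUTSIDE_MAP 10 match address L2L_TO_B
crypto map OUTSIDE_MAP 10 set peer 198.51.100.20
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside

! Step 4: L2L tunnel-group keyed on the peer address with the shared secret.
tunnel-group 198.51.100.20 type ipsec-l2l
tunnel-group 198.51.100.20 ipsec-attributes
 pre-shared-key <REPLACE-WITH-STRONG-SHARED-SECRET>

! ===================== Remote ASA (location B) =====================
! Step 1: mirror image of the HQ ACLs (local net to "any").
access-list L2L_TO_A extended permit ip 10.2.0.0 255.255.255.0 any
access-list NONAT    extended permit ip 10.2.0.0 255.255.255.0 any
nat (inside) 0 access-list NONAT

! Step 2: identical transform set and ISAKMP policy on both ends.
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp enable outside

! Step 3: crypto map with the HQ ASA as peer.
crypto map OUTSIDE_MAP 10 match address L2L_TO_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside

! Step 4: tunnel-group for the HQ peer; the secret must match the HQ side exactly.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <REPLACE-WITH-STRONG-SHARED-SECRET>
```

After both sides are applied, send traffic from a host behind the remote ASA toward HQ (a ping is enough) and confirm the tunnel with `show crypto isakmp sa` (phase 1) and `show crypto ipsec sa` (phase 2, with encap/decap counters increasing). Two caveats that follow from this ACL shape: because the remote side sends everything to HQ, Internet-bound traffic from 10.2.0.0/24 arrives on the HQ outside interface and has to leave it again, which the ASA only allows with `same-security-traffic permit intra-interface` plus a NAT rule for the remote subnet on the HQ outside interface; and the NAT-0 ACLs must match the crypto ACLs exactly, otherwise traffic is translated before encryption and never matches the tunnel. As the first comment notes, an IPsec SA is torn down when idle, so "always connected" in practice means there is regular traffic across it.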
