Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Setup a VPN between to ASA5510 units

Posted on 2007-11-29
4
Medium Priority
?
264 Views
Last Modified: 2010-07-27
I am trying to setup a permanent link with a VPN using 2-Cisco ASA55100 units. One at each location. I have the one at location A setup and the VPN connection works using the client software on a computer. I am trying to setup the firewall at location B to connect to Location A and stay connected at all times. Can anyone help me get started?

Thanks,
0
Comment
Question by:Wyandotte
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 2000 total points
ID: 20376052
it will never stay connect "always" unless there is atleast some traffic going thru the tunnel on a regular basis; otherwise the connection times out and the tunnel is ripped down.

to setup a L2L vpn, you need the following
1) add acls; one acl to identify the traffic going thru the tunnel, one acl with same entries but added to the nat 0 acl
2) create the crypto transform set, and isakmp policy
3) create the crypto map, match address, set peer, etc.
4) create tunnel-group for peer and set ipsec-attribute pre-shared-key

do that on both with the peer being the other asa and acls just in reverse (so the src and dst subnets are correct for the corresponding asa), then ping a host on a subnet from the other subnet location and it should come up.

if you need specifics let me know, however I'd need you to post the following info, acls, crypto, isakmp, tunnel-group and group-policy information
0
 

Author Comment

by:Wyandotte
ID: 20377101
All email and internet access will be going from the remote location, through the VPN through our exchange and surf control here. Will this be the way that I want to set it up for that?
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 20377349
same way, just make your acls to be "any any" instead of specifying subnets then.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 20386126
actually scratch that.  it should work, but should probably use the recommended method

set it up so the remote firewall's acl is <<local net>> to any and the hq firewall is any to <<remote net>>

the reason for this is that the acls at each firewall should be exact mirrors of one another
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question