Solved

Cisco ASA to Cisco 877 ADSL router Site to Site VPN......

Posted on 2009-04-06
Last Modified: 2012-05-06
Hi,
We have recently updated our firewall to a Cisco ASA 55xx series; previously we had a Watchguard. I am trying to migrate some site-to-site VPNs to the new firewall and update the remote sites' routers. Hence I need to set up a site-to-site VPN using a Cisco ASA 5510 (ISP leased line with static IP) at our HQ site to a Cisco 877 router (with ADSL and static IP) at the remote sites.

Can someone provide a suitable example config or point me in the right direction? Both ends are static / fixed public IP. These are site-to-site VPNs, in effect replicating fully routed WAN sites supporting IP-dependent printing for remote devices. There is no need for DHCP relay or remote site provision; remote devices will have fixed IPs.

Any info gratefully received!

Many Thanks!

Question by:spinnaker01
LVL 6

Expert Comment

by:cosmicfox
ID: 24083142
If you use the ASDM, which is the Java GUI for the ASA, there is a site-to-site VPN wizard that will walk you through the VPN setup on the ASA. I think it will even make the config for the router at the end. Hope this helps; if not, let me know what else I can do for you.

Author Comment

by:spinnaker01
ID: 24095820
Hi Cosmicfox,

Hmm, I would rather use the command line, as some of the VPNs were migrated as part of the firewall upgrade and the firewall end of these VPNs therefore already exists. Hence I am not keen on using the wizard for these - hope that makes sense.

Thanks

Spinnaker01
LVL 6

Accepted Solution

by:
cosmicfox earned 500 total points
ID: 24099330
That makes sense, I also prefer the CLI. Attached are a couple of guides. Also, here is a quick CLI of what you will need for a static IPsec rule:

! ACL referenced by the dynamic-map entry (sequence 65535 below)
access-list CRYPTO_DYNAMIC_CISCOVPN extended permit ip any x.x.x.x 255.255.255.0

! Traffic to encrypt for the static tunnel: local network, then remote network
access-list CRYPTO_MATCH extended permit ip x.x.x.x 255.255.0.0 x.x.x.x 255.255.255.0

crypto dynamic-map CRYPTO_OUTSIDE_DYN_MAP 1 match address CRYPTO_DYNAMIC_CISCOVPN
crypto dynamic-map CRYPTO_OUTSIDE_DYN_MAP 1 set transform-set ESP-AES-128-MD5 ESP-AES-128-SHA ESP-3DES-MD5

! Static site-to-site entry: the peer is the remote router's public IP.
! The transform-set names used here must already exist in the configuration.
crypto map CRYPTO_OUTSIDE_MAP 10 match address CRYPTO_MATCH
crypto map CRYPTO_OUTSIDE_MAP 10 set peer x.x.x.x
crypto map CRYPTO_OUTSIDE_MAP 10 set transform-set ESP-3DES-MD5
crypto map CRYPTO_OUTSIDE_MAP 65535 ipsec-isakmp dynamic CRYPTO_OUTSIDE_DYN_MAP

crypto map CRYPTO_OUTSIDE_MAP interface OUTSIDE

! Tunnel group named after the peer IP; "password" is a placeholder key
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x general-attributes
 default-group-policy test
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key password

ipsec-router-to-pix.pdf
ipsec-rtr-2-pix-asa.pdf
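
A consistency check for the kind of ASA snippet posted above, as an added example that is not part of cosmicfox's answer or the attached guides. It reports static crypto map entries whose ACL, transform sets, tunnel group or pre-shared key are missing, and transform sets built on legacy algorithms; the function name `audit` and the sample config (RFC 5737 addresses) are constructed for illustration.

```python
# Constructed sample shaped like the snippet above (RFC 5737 addresses).
SAMPLE = """\
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
access-list CRYPTO_MATCH extended permit ip 10.0.0.0 255.255.0.0 10.1.1.0 255.255.255.0
crypto map CRYPTO_OUTSIDE_MAP 10 match address CRYPTO_MATCH
crypto map CRYPTO_OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map CRYPTO_OUTSIDE_MAP 10 set transform-set ESP-3DES-MD5 ESP-AES-128-SHA
tunnel-group 203.0.113.10 type ipsec-l2l
"""

WEAK = {"esp-des", "esp-3des", "esp-md5-hmac"}  # legacy DES, 3DES and MD5

def audit(config):
    """Return findings for the static crypto map entries of an ASA config."""
    ts_defs, acls, l2l, psk, entries = {}, set(), set(), set(), {}
    group = None  # tunnel-group whose ipsec-attributes are being read
    for raw in config.splitlines():
        t = raw.split()
        if t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) > 3:
            ts_defs[t[3]] = set(t[4:])
        elif t[:1] == ["access-list"] and len(t) > 1:
            acls.add(t[1])
        elif t[:1] == ["tunnel-group"] and len(t) > 2:
            group = t[1] if t[2] == "ipsec-attributes" else None
            if t[2:4] == ["type", "ipsec-l2l"]:
                l2l.add(t[1])
        elif t[:1] == ["pre-shared-key"] and group:
            psk.add(group)
        elif t[:2] == ["crypto", "map"] and len(t) > 6 and t[3].isdigit():
            # Dynamic-map references and the interface binding fall through.
            key = {("match", "address"): "acl", ("set", "peer"): "peers",
                   ("set", "transform-set"): "ts"}.get(tuple(t[4:6]))
            if key:
                entries.setdefault((t[2], int(t[3])), {})[key] = t[6:]
    out = []
    for (name, seq), e in sorted(entries.items()):
        tag = f"{name} {seq}: "
        out += [tag + f"ACL {a} not defined" for a in e.get("acl", []) if a not in acls]
        for peer in e.get("peers", []):
            for known, what in ((l2l, "ipsec-l2l tunnel-group"), (psk, "pre-shared-key")):
                if peer not in known:
                    out.append(tag + f"no {what} for {peer}")
        for ts in e.get("ts", []):
            weak = ", ".join(sorted(ts_defs.get(ts, set()) & WEAK))
            if ts not in ts_defs:
                out.append(tag + f"transform-set {ts} not defined")
            elif weak:
                out.append(tag + f"transform-set {ts} uses {weak}")
    return out
```

Run against the snippet as posted, every transform-set name would be reported as not defined, since the post contains no `crypto ipsec transform-set` lines.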

Author Comment

by:spinnaker01
ID: 24210447
Hi Cosmicfox,

Humble apologies for not getting back to you, I have been out on site and just overtaken by events. I will go through your suggestions and PDFs and get back to you. Thanks for this info, looks good. I'll post a further comment, but probably not until next week now.

Thanks and regards............

Spinnaker01.

Author Closing Comment

by:spinnaker01
ID: 31567208
Hi Cosmicfox,

Thanks for the info, will re-log if required; in the process of testing at present.
Thanks again, sorry for the delayed responses.

Spinnaker01
