Do I create a site-to-site IPSEC VPN or use EasyVPN with Cisco ASA5505?
Posted on 2009-05-06
Here's the situation.
Windows Server A ----- Cisco ASA 5505 ----- Internet ----- External Company Remote Device ----- External Company Network
Server A NIC 192.168.1.10 with NAT on 10.10.10.200
Cisco ASA 5505 Internal 192.168.1.1 External 10.10.10.10
External Company Remote Device (Cisco I think but unkown model) External IP 220.127.116.11
External Company Network 192.168.150.0/24
We only manage Server A and Cisco ASA 5505 and have no saying in the other network settings.
From the external company we only received
IP Address, Group Authentication Name, Group Authentication Password.
With the Cisco Client from the Windows Server A we can connect to their network via VPN.
This '"works" but we want to use the ASA 5505. in a site-to-site connection. (Because there are now more servers in our network and installing and managing the Cisco VPN client on each machine and making sure it is always connected is a lot of work)
Normally I create a Site to Site connection from an ASA5505 to a Cisco Router or other ASA.
For this connection I need a preshared key.
But now I have no preshared key and the extenal company says they don't use this (or a certificate).
Can I still create a site to site ? Or do I need extra settings?
I saw you could use EasyVPN in client mode but when I create this connection we cannnot reach the internal servers that are NATed. I cannot use EasyVPN and create an Exempt Access List. I receive an error.
[ERROR] vpnclient enable
* Remove "nat (inside) 0 inside_nat0_outbound"
CONFIG CONFLICT: Configuration that would prevent successful Cisco Easy VPN Remote
operation has been detected, and is listed above. Please resolve the
above configuration conflict(s) and re-enable.
So basically My Question is.
? How can I create a realiable connection from the Cisco ASA5505 to the remote network that works like a site to site VPN connection? Do I use site-to-site IPSec or do I use easyVPN?