?
Solved

revive site to site cisco VPN Tunnel

Posted on 2009-06-29
2
Medium Priority
?
355 Views
Last Modified: 2012-05-07
I have 2 firewalls that I have inherited.  Unfortunately I only really understand the ASDM and ever then not to well.

These 2 firewall did have a tunnel between them at one time.  However it was deleted.

However it was not deleted completely, there are still elements of the old tunnel in both firewalls.  Becuase of this ASDM will not let me create a new tunnel as some of the IP Addresses overlap.

What components are necessary for a site to site tunnel?  All the documentation either points to using ASDM, but how to I manually add the missing pieces?

What CLI commands do I run to figure out what is missing, so that I can add them via the CLI?
0
Comment
Question by:brittonv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 24738311
You should start from collecting information about each side.
What information is present and what information is missing for each from the other?
The missing information could be the peer on each side, preshared key, certificate, etc..


0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 2000 total points
ID: 24740409
You sholud look booth side:

sh cry isakmp policy
sh cry isakmp key
sh cry ipsec transform-set
sh cry ipsec security-association

It is good if are same on booth side

after you shuld look access-list configs:

ip access-list extended FSZEK_IPSEC
 permit ip x.x.x.x wildcard network address z.z.z.z wildcard network

after you shuld look crypto map configs:

crypto map xxx10 ipsec-isakmp
 set peer zz.zz.zz.zz
 set security-association lifetime seconds 28800
 set transform-set myset
 match address zzzzz_IPSEC

After you should put the outside interface!



0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question