Solved

revive site to site cisco VPN Tunnel

Posted on 2009-06-29
2
352 Views
Last Modified: 2012-05-07
I have 2 firewalls that I have inherited.  Unfortunately I only really understand the ASDM and ever then not to well.

These 2 firewall did have a tunnel between them at one time.  However it was deleted.

However it was not deleted completely, there are still elements of the old tunnel in both firewalls.  Becuase of this ASDM will not let me create a new tunnel as some of the IP Addresses overlap.

What components are necessary for a site to site tunnel?  All the documentation either points to using ASDM, but how to I manually add the missing pieces?

What CLI commands do I run to figure out what is missing, so that I can add them via the CLI?
0
Comment
Question by:brittonv
2 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 24738311
You should start from collecting information about each side.
What information is present and what information is missing for each from the other?
The missing information could be the peer on each side, preshared key, certificate, etc..


0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 500 total points
ID: 24740409
You sholud look booth side:

sh cry isakmp policy
sh cry isakmp key
sh cry ipsec transform-set
sh cry ipsec security-association

It is good if are same on booth side

after you shuld look access-list configs:

ip access-list extended FSZEK_IPSEC
 permit ip x.x.x.x wildcard network address z.z.z.z wildcard network

after you shuld look crypto map configs:

crypto map xxx10 ipsec-isakmp
 set peer zz.zz.zz.zz
 set security-association lifetime seconds 28800
 set transform-set myset
 match address zzzzz_IPSEC

After you should put the outside interface!



0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question