Site to Site VPN with Cisco Security Appliance 5505 Devices

I have 2 Cisco Security Appliance 5505 Devices and 2 locations. Location 1 (main office) has a standalone server running DHCP and is a domain controller. Location 2 (satellite office) has 3 workstations.

I would like to set up a site to site VPN using my Cisco devices so each one of my workstations in the satellite office can join the domain in the main office and obtain IP addresses from the main office DHCP automatically (if possible).

I have access to both devices via SSH or the ASDM interface.  I've tried using the ASDM wizard, but did not have any luck.   I used this documentation to try to set up using the wizard: http://www.cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/sitesite.html

I appreciate any feedback. Thanks
TechPlease Asked:

oalva Commented:
Looks like you are using the right documentation, but on the satellite office you will need to set up DHCP on the firewall and give that network a different set of IPs.
Main office inside interface: 10.10.10.1 (example)
Satellite inside interface: 10.20.20.1/24
On the satellite ASA:
dhcpd address 10.20.20.100-10.20.20.200 inside
! DNS server in main office
dhcpd dns 10.10.10.20
dhcpd enable inside
0
TechPlease (Author) Commented:
Currently that is my setup.

Main office:
192.168.1.1/24

satellite
192.168.2.1/24

After running the VPN wizard, I was not able to ping from one network to the other. (Echoes are permitted.)

After running the wizard is there something I need to do in order to initiate the vpn?
0
ptchuba Commented:
Can you provide the configs of both ASAs?
0
TechPlease (Author) Commented:
Sorry, both of these are remote sites and one of them went down.

They are both back up and I believe I have stripped away all of the old settings.

I've provided an image of the current setup.

I have access to both ASA devices via ASDM or SSH.

Should I use the VPN Wizard, or manually input the settings?  I have limited knowledge of the Cisco terminal, so the ASDM wizard would be ideal.

Thanks.
Cisco-Site-to-Site.jpg
0
oalva Commented:
If you use the wizard it is straightforward: you just create your site to site on each one and the wizard will do the work for you.
0
oalva Commented:
If you need the command line just let us know, or if you have any issues after the wizard just post the config and we can get you whatever you are missing.
0
TechPlease (Author) Commented:
I just ran through the wizard on both devices.

On the MAIN OFFICE DEVICE I entered the Peer public address of the REMOTE OFFICE, and vice versa at the REMOTE OFFICE.

I am trying to test it by pinging from client to server and it has not worked.  Is there a way to test the VPN tunnel itself?  

Do I need to do anything to initiate the VPN tunnel?
0
TechPlease (Author) Commented:
I did "sh run" on each device and posted the output.

I've replaced the public ip addresses with:

1.2.3.4 for Remote Office
5.6.7.8 for Main Office
MAIN-OFFICE.txt
REMOTE-OFFICE.txt
0
TechPlease (Author) Commented:
Would the Comcast modem be causing any problems?

The Cisco documentation I've been using is from one ASA to another without any device in between.  I have setup a DMZ on each network that I assume is bypassing the Comcast Modem, but am I missing something?
0
TechPlease (Author) Commented:
I added a nonat rule on both sides and it is now working.

Thanks for the help
0
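
The "nonat rule" named as the fix above, sketched as an added example. It is not taken from the poster's attached configs, which are not reproduced on this page. It assumes the pre-8.3 NAT syntax of the ASA 7.2 guide linked in the question (8.3 and later use a different NAT syntax), the ACL name "nonat", the interface name "inside", and constructed host addresses for the test commands.

```cisco
! Added example, not the poster's configuration. Assumes pre-8.3 NAT syntax
! (the question links the ASA 7.2 guide); ACL name "nonat" and interface
! name "inside" are assumed. Subnets are the ones stated in the thread.

! --- MAIN OFFICE ASA (inside 192.168.1.0/24) ---
! Exempt only main -> satellite traffic from NAT so it still matches the
! crypto ACL the wizard generated. Do not widen this to "any".
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat

! --- REMOTE OFFICE ASA (inside 192.168.2.0/24) ---
! Mirror image: source and destination swapped.
access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat

! --- Checks, on either ASA ---
! The tunnel is built on demand by matching traffic; ping across first.
! Phase 1: expect an SA to the peer in state MM_ACTIVE.
show crypto isakmp sa
! Phase 2: encaps/decaps counters should rise on both sides while pinging.
show crypto ipsec sa
! Trace a simulated echo request through NAT and VPN (host IPs constructed).
packet-tracer input inside icmp 192.168.1.10 8 0 192.168.2.10
```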
