Mystical_Ice
asked on
What's wrong here - setting up tunnel Cisco ASA5505 to ASA5510 via ASDM
Hi,
Trying to set up a connection between two sites - one on an ASA5505 and the other ASA5510
We're both running through the ASDM. i'm attaching a screenshot of what i have on my end (my firewall is 172.17.2.253/24, and his is 10.47.2.254/24). I'm not familiar with the command line, but this seems like it's configured correctly; obviously the other end is done teh same way but with IPs switched
Trying to set up a connection between two sites - one on an ASA5505 and the other ASA5510
We're both running through the ASDM. i'm attaching a screenshot of what i have on my end (my firewall is 172.17.2.253/24, and his is 10.47.2.254/24). I'm not familiar with the command line, but this seems like it's configured correctly; obviously the other end is done teh same way but with IPs switched
ASKER
yeah 172.17.2.0/24 is our local network, and 10.47.2.0/24 is their remote network, but PEER IP address - that doesn't make sense - how can that be the address of the firewalls (172.17.2.253 and 10.47.2.254)?? Wouldn't that need to be the PUBLIC address of the firewall? So they can communicate with each other over the internet?
Yes, the peer addresses need to be reachable over the internet, so they need to be the outside addresses.
ASKER
so what is wrong in my configuration then?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
jmeggers - i'ma ttaching the result of "show crypto isakmp" on the first ASA. i don't have access to the other one at the moment, but will post that output as soon as i can - i'm assured that it is configured the same way though. If you could also let me know wh at you're looking for, and what the problem could be - i'm trying to learn :)
showcryptoisakmp.txt
showcryptoisakmp.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
peer ip should be on the first variable asked right on the top labeled: Peer IP Address, hence on one side it should be 172.17.2.253 on the other ASA 10.47.2.254.
let me know if you were able to resolve this, glad to help you :-)