• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 388
  • Last Modified:

How to configure VPN on cisco ASA firewall

Hi Experts,

Please help me in configuring VPN on Cisco ASA firewall.
We have  2 offices and there is a VPN connection eshtablished. Now ISP has been changed in the other office and servers are not accesible.

How do i configure VPN to get access to that network on my firewall .
0
anuboggaram
Asked:
anuboggaram
  • 4
  • 3
  • 3
2 Solutions
 
Gary ColtharpSr. Systems EngineerCommented:
I am assuming the remote office can surf so the ASA at the remote has been reconfigured.

Therefore, you should really only need to change the remote hosts IP address in the site to site VPN already setup on your end.
0
 
anuboggaramAuthor Commented:
Hi gcoltharp,

Could you please help me with commands to edit this configuration?
0
 
Gary ColtharpSr. Systems EngineerCommented:
Are you IOS literate? If not, you might be better served using the GUI based access.

0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
anuboggaramAuthor Commented:
This is something i have to do first time without any knowledge on firewall configuration. Kindly give detailed commands.
0
 
Gary ColtharpSr. Systems EngineerCommented:
Ouch... ASA not a good firewall to cut your teeth on.

Have you telneted to the ASA? Do you know the enable password?
0
 
MikeKaneCommented:
IF the remote office with the new ISP can get outbound to the internet, then all you should need to do is change the PEER IP address on the 1st office's ASA config to reflect the new IP of the remote office.     It should be easy enough to find the line by referencing the original IP which is probably still in the config.  


0
 
anuboggaramAuthor Commented:
Yes, i know few basic commands. I can do enable\change password and configuring terminals etc.,
Now please let me know how to change the existing ip address of remote host.
0
 
MikeKaneCommented:
The peer IP would be found in a section that looks like this:

crypto map mymap 1 match address outside_1_cryptomap
crypto map mymap 1 set peer <ip address>
crypto map mymap 1 set transform-set ESP-3DES-SHA
crypto map mymap interface outside

Just redo the line showing the set peer with the new IP of the remote asa.     The peer IP is the ip address of the far-end of the tunnel.
0
 
anuboggaramAuthor Commented:
Sorry Experts,

Just now came to know that the other office have removed PIX box to which VPN was configured.
They have implemented "untangle" a open source.

Will CISCO ASA 5510 supports vpn connection with this open source?
If so how to do it.
0
 
MikeKaneCommented:
Short Answer: No.

http://forums.untangle.com/openvpn/8578-site-site-vpn-step-step-instructions.html

OpenVPN and Cisco WebVPN both use SSL, they're not compatible with other. You could setup an OpenVPN server inside the ASA, and the OpenVPN traffic would be just another TCP connection over ASA.  However, you'll need to setup a 2nd Openvpn server inside the ASA to make that happen.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 4
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now