nainasipra

Cisco ASA 5510 for VPN connection from remote site using Cisco Router 2620

I am using a Cisco ASA 5510 for VPN connections, and at the remote site I am using a Cisco Router 2620 as a VPN client to the ASA.
The problem at the remote site is that every time the Cisco Router 2620 restarts, it does not establish the VPN connection directly; instead it goes to the VPN authentication screen, so someone needs to log in to the router and enter the credentials before it builds the VPN client connection with the ASA 5510.
Below is some of the running configuration from my remote-site client router. If you need any other configuration to better understand my question, please let me know. Waiting for your helpful answers.

ae-auh-wv-rt02#show running-config
Building configuration...

Current configuration : 4861 bytes
!
! Last configuration change at 10:54:23 UTC Mon Dec 12 2011 by admin
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ae-auh-wv-rt02
!
boot-start-marker
boot system flash:c2801-advsecurityk9-mz.151-3.T2.bin
boot-end-marker
!
!
enable secret 5 $1$srqW$HXkpz.5QyKdzbiOL5FAhT0
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ip domain name yourdomain.com
ip name-server 192.168.1.2
ip name-server 192.168.2.250
ip multicast-routing
ip ips notify SDEE
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
 subject-name e=sdmtest@sdmtest.com
 revocation-check crl
!
!
!
!
license udi pid CISCO2801 sn FHK1428F2RV
archive
 


!
redundancy
!
!
!
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
!
!
!
!
!
!
crypto ipsec client ezvpn ezvpnwv
 connect auto
 group DefaultRAGroup key thakral123
 mode network-extension
 peer 94.56.216.118
 xauth userid mode interactive
!
!
!
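
As an added illustration (not part of the original post or of any Cisco tooling), this Python check parses an IOS running-config and reports EzVPN client profiles that cannot bring the tunnel up unattended, which is the effect of the `xauth userid mode interactive` line in the configuration above after a restart. The sample config is constructed, with a placeholder group name, key and peer; treating an absent Xauth mode as interactive is an assumption about the IOS default.

```python
import re

# Constructed sample modelled on the EzVPN client block in the question;
# the group name, key and peer are placeholders, not values from the page.
SAMPLE_CONFIG = """\
hostname branch-rt01
!
crypto ipsec client ezvpn ezvpnwv
 connect auto
 group EXAMPLE-GROUP key PLACEHOLDER-KEY
 mode network-extension
 peer 192.0.2.10
 xauth userid mode interactive
!
"""

def parse_ezvpn_profiles(config_text):
    """Return {profile_name: {setting: value}} for each EzVPN client block."""
    profiles, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"^crypto ipsec client ezvpn (\S+)\s*$", line)
        if header:
            current = profiles.setdefault(header.group(1), {})
        elif current is not None and line.startswith(" ") and line.strip():
            words = line.split()
            if words[:3] == ["xauth", "userid", "mode"] and len(words) > 3:
                current["xauth_mode"] = words[3]
            elif words[0] in ("connect", "mode", "peer") and len(words) > 1:
                current[words[0]] = words[1]
        else:
            current = None  # "!" or any non-indented line closes the block
    return profiles

def unattended_findings(config_text):
    """List reasons a profile cannot re-establish its tunnel without an operator."""
    findings = []
    for name, p in parse_ezvpn_profiles(config_text).items():
        # Assumption: IOS falls back to interactive Xauth when no mode is set.
        mode = p.get("xauth_mode", "interactive")
        if mode != "local":  # interactive and http-intercept both need a person
            findings.append(f"{name}: xauth userid mode {mode} "
                            "(credentials must be entered by hand after a reload)")
        if p.get("connect") == "manual":
            findings.append(f"{name}: connect manual (tunnel is not started automatically)")
    return findings

if __name__ == "__main__":
    print("\n".join(unattended_findings(SAMPLE_CONFIG)))
```
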

PatrickG022200

Configure a "site to site" VPN connection instead of a "remote access" connection.
You have to configure a site-to-site VPN, which will automatically establish adjacency. Use the GUI you're using with the router and use the Site to Site VPN wizard. After doing that, generate a mirror and run the site-to-site wizard on the ASA, entering the info you got from the mirror configuration. Make sure all NAT exemptions are in place for the separate subnets on each side so it knows to keep the IP addressing on the tunnel. Also allow traffic to traverse networks in the firewall rules and you should be good.
nainasipra

ASKER

Dear Experts,

Thanks for this help. I will try to configure as per your guidance and will get back to you with the result. Could you send me any site link for this detailed configuration? It will be very helpful for me.
Thanks once again.
 

ASKER CERTIFIED SOLUTION
Fallacy11

This solution is only available to members.
Dear Fallacy,

Do I need a public IP address for both sites as well? I have a public static IP address for the Head Office (ASA 5510), but I don't have a public IP for the remote site (router). Can I do a site-to-site VPN with this? I mean, I have public IPs for the ASA, but which IP will I use for the remote site?