Link to home
Start Free TrialLog in
Avatar of butler741
butler741

asked on

ASA 5505 static IP, site to site vpn to ASA 5505 dynamic ip

I have (2) ASA 5505 Cisco security appliances and I want to create a site to site VPN connection between them.  The issue I am having is that the remote site has a static WAN IP Address through the ISP with a useable static IP Address. The main network site has a WAN IP Address, but it is related to a local default gateway on the ISP router with DHCP enabled to connected hosts.

So I do not know how to set my peer address from the remote site to the main site as the outside interface of the ASA at the main site is dynamic.

Anyone out there know how to set-up a Static to Dynamic site to site VPN with (2) ASA 5505?
SOLUTION
Avatar of SuperTaco
SuperTaco

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of butler741
butler741

ASKER

Thanks SuperTaco, I will try it and post back the result within the next 12 hours.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SuperTaco - I switched to Easy VPN and got the tunnel up, but I can't pass traffic to either local networks. Tweaking ACL's to test.

MikeKane - Thanks. I looked at that link too. It isn't very helpful as it utilizes the VPN Client software. I know people state it still shows the IPSec info, but the PIX commands are old and really don't apply to ASA 8.4(3)

My new issue is passing traffic to the local networks on each side. Does anyone have a config sample for Easy VPN with the VPN server being the remote site with static IP and the VPN Client being the main site with Dynamic assigned IP with DHCP?
Here is some more info to help: (IPs are different than actual. just an example)

Both sides are ASA 5505 8.4(3)

(This side has a static IP outside)
RemoteSite ISP WAN:  55.75.199.150/30
RemoteSite (Outside) 55.75.199.149/30
RemoteSite (Inside) 172.16.112.0/21
#show crypto isakmp sa
IKE Peer: 55.75.198.138

(This side has DHCP assigned IP outside)
MainSite ISP WAN:  55.75.198.138
(Then passes info DHCP to devices using 198.243.4.0/24 with .1 as local gateway)
MainSite (Outside) 198.243.4.10
RemoteSite (Inside) 172.16.8.0/21
#show crypto isakmp sa
IKE Peer: 55.75.199.149

So how do I set up a site to site tunnel under these conditions?
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I was offered small amouints of info and non-pertinent info at that.