Solved

ASA 5505 Site to Site VPN

Posted on 2012-04-10
Last Modified: 2012-04-16
Hi there,
I'm trying to configure a site-to-site VPN connection with one of our branch offices, but it is not working.
I'm creating the connection using the ASDM VPN wizard, supplying the remote site LAN address and the peer public address, and making sure that the rest of the config matches.
One thing that I'm not sure about, and that might be the problem, is that the remote site has its ASA 5505 behind their ISP modem, which assigns the ASA outside interface an IP of 192.168.2.10, meaning the ASA is already NATed itself. Can this be the problem?

ASA-LAN-192.168.50.1 --->ASA-WAN-192.168.2.10---->ISP-MODEM-67.99.xx.xx---->MY-ASA-WAN-209.115.xx.x---->MY-ASA-LAN-192.168.168.xx

Sorry if I'm missing any info here.
Question by:isaman07
Expert Comment

by:SuperTaco
ID: 37829903
That is definitely your problem right there.  You can try getting the public IP address of the other ASA behind the ISP modem (the modem's IP), set the VPN to recognize an identifier, and then enable keepalives. That should do it.
Author Comment

by:isaman07
ID: 37830160
Hold on, can you explain that more please?
Accepted Solution

by:
SuperTaco earned 500 total points
ID: 37835549
Sorry.  I got ahead of myself. Admittedly, it's not the easiest thing to explain. Basically the ASA has a static IP and the remote device has a dynamic IP.
You configure a normal site-to-site tunnel on the remote end, but on the ASA side configure a dynamic tunnel to accept the connection from the remote device.
This scenario will work, the only restriction is the tunnel will only be able to initiate from the remote end device (in the example above an IOS router).

This may shed some light on it using the CLI
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

Here's a decent EE article
http://www.experts-exchange.com/Hardware/Networking_Hardware/Q_23831665.html

You are basically going to use the public IP of the cable modem for the connection IP.
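
The arrangement the accepted answer describes (a normal site-to-site tunnel on the NATed branch ASA, a dynamic crypto map on the static-IP ASA), as an added example that is not part of the original thread. It assumes pre-8.3 ASA syntax and /24 LANs; the object names (VPN-TO-HQ, NONAT-BRANCH, ESP-AES-SHA, DYN-MAP, OUTSIDE-MAP) are hypothetical, and `<HQ_PUBLIC_IP>` and `<PRE_SHARED_KEY>` are placeholders.

```cisco
! ===== Branch ASA (outside 192.168.2.10, behind the ISP modem) =====
! Interesting traffic: branch LAN -> HQ LAN (masks are assumed /24)
access-list VPN-TO-HQ extended permit ip 192.168.50.0 255.255.255.0 192.168.168.0 255.255.255.0
! Exempt tunnel traffic from NAT (pre-8.3 syntax)
nat (inside) 0 access-list VPN-TO-HQ
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
! NAT-T: carry ESP inside UDP 4500 so it survives the modem's NAT
crypto isakmp nat-traversal 20
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-HQ
crypto map OUTSIDE-MAP 10 set peer <HQ_PUBLIC_IP>
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group <HQ_PUBLIC_IP> type ipsec-l2l
tunnel-group <HQ_PUBLIC_IP> ipsec-attributes
 pre-shared-key <PRE_SHARED_KEY>
 ! Keepalives (DPD) so a dead tunnel is detected and rebuilt from this side
 isakmp keepalive threshold 10 retry 2

! ===== HQ ASA (static public address) =====
! Same isakmp policy, nat-traversal and transform-set lines as above, then:
access-list NONAT-BRANCH extended permit ip 192.168.168.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list NONAT-BRANCH
! No "set peer": accept the tunnel from whatever source address the branch arrives with
crypto dynamic-map DYN-MAP 10 set transform-set ESP-AES-SHA
crypto dynamic-map DYN-MAP 10 set reverse-route
! Highest sequence number so any static peer entries are matched first
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
! Peers without their own tunnel-group land here, so this key is shared by all of them
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <PRE_SHARED_KEY>
```

Once the branch side sends traffic toward the HQ LAN, `show crypto isakmp sa` and `show crypto ipsec sa` on either ASA should list the peer.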