ASA 5505 Site to Site VPN

HI There;
I'm trying to configure a site to site VPN connection with one of our branch offices, but it is not working.
I'm creating the connection using the ASDM VPN wizard, supplying the remote site LAN address and the peer public address, making sure that all the rest of the config are match.
One thing that i'm not sure and that might be the problem, is that the remote site have their ASA 5505 behind their ISP modem, which assignes the ASA outside interface an ip of 192.168.2.10, meaning the ASA is already NATed itself. Can this be the problem?

ASA-LAN-192.168.50.1 --->ASA-WAN-192.168.2.10---->ISP-MODEM-67.99.xx.xx---->MY-ASA-WAN-209.115.xx.x---->MY-ASA-LAN-192.168.168.xx

Sorry if i'm missing any info here.
LVL 14
isaman07Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SuperTacoCommented:
That is definately your problem right there.  You can try getting the public IP address of the other ASA behind the ISP modem (the modem's IP, set the VPN to recognize and identifier, and then enable keep alives. That shoudl do it
0
isaman07Author Commented:
Hold on, can you explain that more please?
0
SuperTacoCommented:
Sorry.  I got ahead of myself. Admittedly, it's not the easiest thing to explain Basically the ASA has a static IP and the remote device has a dynamic IP.
You configure a normal site-to-site tunnel on the remote end, but on the ASA side configure a dynamic tunnel to accept the connection from the remote device.
This scenario will work, the only restriction is the tunnel will only be able to initiate from the remote end device (in the example above an IOS router).

This may shed some light on it using the CLI
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

Here's a decent EE article
http://www.experts-exchange.com/Hardware/Networking_Hardware/Q_23831665.html

You are basically going to use the public IP of the cable modem for the connection IP
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.