Solved

site to site vpn cisco asa 5515 8.6

Posted on 2012-08-20
Last Modified: 2012-08-21
What are some people's methods of making a site-to-site VPN with Cisco ASAs, especially ones with the "new" NAT in versions after 8.3?
This will be building tunnels from scratch with a brand new out-of-box ASA.
Anyone got all the config needed?
And what are some people's favorite ways to debug VPN L2L?
Question by:spiz79
8 Comments
 
LVL 6

Expert Comment

by:SebastianAbbinanti
ID: 38314678
If you are unfamiliar with the CLI, consider using the ASDM. It has a Site-to-Site IPSec VPN Wizard. It's very easy to use, especially when configuring two ASAs.

Thanks,
S.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38315220
Like SebastianAbbinanti said, if you're unfamiliar (yet) with the new NAT stuff it might be easier to do it through the ASDM. If you're in for a challenge and want to learn from the experience, here's a nice page with lots of examples:
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

Here's a guide that shows the differences between the old and the new NAT: http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38315226
I also took the liberty of adding some topics to draw some extra attention to your question.
0

Author Comment

by:spiz79
ID: 38316648
On the ASDM... I know I need to exempt the VPN NAT stuff (I don't want my VPN traffic getting NAT'ed).
On the selection in ASDM, do I select the outside interface?
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 2000 total points
ID: 38316738
You mean the VPN tunnel interface? Yes, choose outside.

Or at: Exempt ASA side host/network from address translation? No, choose inside.
0
 

Author Comment

by:spiz79
ID: 38316748
And what if I chose not to, and now I need to add the exempt "after the fact"?
How would I go about doing that?
0
 
LVL 6

Expert Comment

by:SebastianAbbinanti
ID: 38316877
The wizard should automatically add the NAT exemption rules when you specify the local and remote networks.

Thanks,
S.
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 38316912
What you could do is to enable the option 'preview commands before sending them to the device' (under tools->preferences).
After that, set up the complete VPN with NAT exemption and press apply. ASDM will first show all the commands. Copy them and cancel. After that, set up the VPN without NAT exemption, apply and copy the commands. That way you can see what are the additional commands needed to enable NAT exemption.
0
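
For reference, the CLI that a site-to-site tunnel with NAT exemption comes down to on ASA 8.4 and later, as an added example that is not from any of the posts above and is not ASDM output. The object names, subnets (192.168.10.0/24 local, 192.168.20.0/24 remote), peer address 203.0.113.2, crypto map name and key placeholder are all constructed, and the IKEv1 settings are assumptions that must match the remote peer.

```cisco
! Constructed example: local and remote protected networks
object network LOCAL-LAN
 subnet 192.168.10.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.20.0 255.255.255.0
!
! NAT exemption (8.3+ "twice NAT" identity rule): source and destination
! are translated to themselves, so tunnel traffic is not NAT'ed.
! This line can be added on its own after the tunnel already exists.
! The "1" places it first in the manual NAT section, ahead of any
! existing manual dynamic NAT/PAT rule that would otherwise match first.
nat (inside,outside) 1 source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
!
! Interesting traffic: must mirror the ACL on the remote ASA
access-list L2L-CRYPTO extended permit ip object LOCAL-LAN object REMOTE-LAN
!
! Phase 1 (IKEv1) policy, enabled on the outside interface
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 enable outside
!
! Phase 2 transform set and crypto map bound to outside
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address L2L-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
!
! Peer definition; replace the placeholder with the shared secret
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>
!
! Verification and debugging (exec mode, not configuration)
! Is the exemption rule present and taking hits?
show nat detail
! Which NAT rule and VPN phase does a sample packet hit?
packet-tracer input inside icmp 192.168.10.10 8 0 192.168.20.10 detailed
! Phase 1 and phase 2 state for the peer
show crypto ikev1 sa
show crypto ipsec sa peer 203.0.113.2
! Negotiation detail while the tunnel is brought up
debug crypto ikev1 127
```

In `show crypto ipsec sa`, encaps counting up with decaps at zero usually points at the remote side (its NAT exemption, crypto ACL or routing) rather than the local ASA.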