Thirst4Knowledge

Cisco ASA Site to Site VPN config

Hi Experts,

I need a sanity check on a Cisco ASA firewall config. It's been a few years since I had to work with one, but I'm pretty sure I'm on the right track.

We have a user who insists that his remote site Public/peer address is 2.2.2.2 (obviously not real address) but I'm sure that the config states otherwise... I know that you can name "Objects" and refer to them in ACLs and Crypto Maps or use an IP address instead.

I think the actual IP is 1.1.1.1 as the "set peer 1.1.1.1" would suggest in the config below, but what is confusing me is that that same line also has the object name after the IP address...

So my question is... which one is it using, because the VPN tunnel is actually up and working!

Here is a sanitized snippet:

name 2.2.2.2 router_Remote_Site_A
name 10.x.x.x LAN_Remote_Site_A
network-object host router_Remote_Site_A
crypto map outside_map 4 match address ACL_VPN_Remote_Site_A
crypto map outside_map 4 set peer 1.1.1.1 router_Remote_Site_A

Thanks
T4K
asavener

For what you've posted, it appears that the ASA would form a peer adjacency with either 1.1.1.1 or 2.2.2.2.
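
The answer above reads the "set peer" line as naming two peers, one literal and one through a "name" alias. As an added example (not part of the original thread), this Python script resolves "name" aliases in a saved config and lists every peer address each crypto map entry names, so it can be compared with the peers that were actually approved; the function names and the approved set are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the question's sanitized snippet (lines without peers omitted).
SAMPLE_CONFIG = """\
name 2.2.2.2 router_Remote_Site_A
crypto map outside_map 4 match address ACL_VPN_Remote_Site_A
crypto map outside_map 4 set peer 1.1.1.1 router_Remote_Site_A
"""

NAME_RE = re.compile(r"^name\s+(\S+)\s+(\S+)")
PEER_RE = re.compile(r"^crypto map\s+(\S+)\s+(\d+)\s+set peer\s+(.+)$")


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def resolve_peers(config_text):
    """Return {(map_name, seq): [peer_ip, ...]} with `name` aliases resolved."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    names = {m.group(2): m.group(1) for m in map(NAME_RE.match, lines)
             if m and _is_ip(m.group(1))}
    peers = {}
    for ln in lines:
        m = PEER_RE.match(ln)
        if not m:
            continue
        entry = peers.setdefault((m.group(1), int(m.group(2))), [])
        for token in m.group(3).split():
            # Literal IPs pass through; aliases are looked up; unknown tokens stay visible.
            ip = token if _is_ip(token) else names.get(token, "UNRESOLVED:" + token)
            if ip not in entry:
                entry.append(ip)
    return peers


def unexpected_peers(config_text, approved):
    """Map each crypto map entry to the peers it names that are not approved."""
    flagged = {}
    for key, ips in resolve_peers(config_text).items():
        extra = [ip for ip in ips if ip not in approved]
        if extra:
            flagged[key] = extra
    return flagged
```

Run against the snippet with only 2.2.2.2 approved, it flags 1.1.1.1 on outside_map entry 4, which is the discrepancy the question is about.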
Thirst4Knowledge

ASKER

Thanks guys. I will check it out.