Solved

Cannot get Dynamic L2L tunnel working with 2 x Cisco ASA 5505

Posted on 2013-01-15
2
645 Views
Last Modified: 2013-01-17
I have a main location with a static IP + ASA 5505, and a second location with a dynamic IP + ASA 5505. I have never done a dynamic tunnel before, so im not sure what i missed. Attached are the scrubbed configs - thx for the help.
Note: There is an IP phone on the Dynamic side that connects to the main office phone system. Now, eventhough the VPN Tunnel is not up, it ONLY works when plugged into the LAN @ the corporate office, OR on the remote network behind the ASA - it will not work from any other internet connection - and im absolutely positive it's connecting via LAN IP and not Public IP, which is strange.
ASA-Corp-office--static-IP-.txt
0
Comment
Question by:mhdcommunications
2 Comments
 
LVL 16

Accepted Solution

by:
max_the_king earned 500 total points
ID: 38786885
Hi,

you need to add the following:

access-list l2l-vpn extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0

crypto map dyn-map 10 match address l2l-vpn

on the other side of the tunnel you need to do the "reverse" implementation (assuming your naming convention on vpn config is mirrored, otherwise change accordingly):

access-list l2l-vpn extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0

hope this helps
max
crypto map dyn-map 10 match address l2l-vpn
0
 
LVL 1

Author Closing Comment

by:mhdcommunications
ID: 38790456
Also
crypto isakmp enable outside
Thx.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stuck in INIT/DROTHER 2 75
Cisco 3650 switch 7 66
trouble on installing syslog-ng on CentOS 7 7 99
decoding the error message TEI_ASSIGNED 8 84
Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question