Solved

Cannot get Dynamic L2L tunnel working with 2 x Cisco ASA 5505

Posted on 2013-01-15
2
650 Views
Last Modified: 2013-01-17
I have a main location with a static IP + ASA 5505, and a second location with a dynamic IP + ASA 5505. I have never done a dynamic tunnel before, so im not sure what i missed. Attached are the scrubbed configs - thx for the help.
Note: There is an IP phone on the Dynamic side that connects to the main office phone system. Now, eventhough the VPN Tunnel is not up, it ONLY works when plugged into the LAN @ the corporate office, OR on the remote network behind the ASA - it will not work from any other internet connection - and im absolutely positive it's connecting via LAN IP and not Public IP, which is strange.
ASA-Corp-office--static-IP-.txt
0
Comment
Question by:mhdcommunications
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
max_the_king earned 500 total points
ID: 38786885
Hi,

you need to add the following:

access-list l2l-vpn extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0

crypto map dyn-map 10 match address l2l-vpn

on the other side of the tunnel you need to do the "reverse" implementation (assuming your naming convention on vpn config is mirrored, otherwise change accordingly):

access-list l2l-vpn extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0

hope this helps
max
crypto map dyn-map 10 match address l2l-vpn
0
 
LVL 1

Author Closing Comment

by:mhdcommunications
ID: 38790456
Also
crypto isakmp enable outside
Thx.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is the VPn crypto table on a Cisco ASA? 2 40
Network over eigrp 100 topology ? 3 94
Change SSH password on Cisco 4331 ISR 4 54
X.509 Cert Upload to Cisco WAP 6 58
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question