I am trying to create a site to site tunnel using the ASDM wizard on a Cisco ASA 5505.I cannot get the tunnel to connect.
Inside Network A - 10.1.1.0/24
Inside A -10.1.1.1
Outside A - 192.168.1.1 (Has Real Public Internet Address)
Inside Network B - 10.2.2.0
Inside B - 10.2.2.1
Outside B - 172.16.1.1 (Has Real Public Internet Address)
Network B is allowing address 192.168.1.1 through their firewall to create a site to site tunnel. The tunnel and traffic needs to be seen as coming from this address. Network B only allows traffic from 192.168.1.1 and not from 10.1.1.0/24.
When I go to this location Monitoring > VPN > Easy VPN Client > VPN Connection Status
I see "not tunnel established." When I attempt connect I get the following error.
"The VPN tunnel can be established from the most secure interface of this firewall which is inside 10.1.1.1. Please load the page with the URL https://10.1.1.1/vpnclient/connstatus.html
from a machine connected to that interface.
This link does not work. It prompts me about security I get a page not found error.
I cannot get the tunnel to connect no matter what changes I try or rerun the Wizard. The tunnel insists on using the inside address. I tried this and it did not work either.
ASA Config on ASA-A using fake ip addresses.
ip address 10.1.1.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0
object-group network REMOTE-SERVERS
description Accessible Servers on Site to Site VPN
network-object host 10.2.2.10
network-object host 10.2.2.11
network-object host 10.2.2.12
access-list outside_1_cryptomap extended permit ip 10.1.1.0 255.255.255.0 object-group REMOTE-SERVERS
access-list inside_nat_outbound extended permit ip 10.1.1.0 255.255.255.0 host 172.16.1.1
nat (inside) 1 access-list inside_nat_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 172.16.1.1
crypto map outside_map 1 set transform-set ESP-AES-128-SHA
crypto map outside_map 1 set reverse-route
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
Thanks for your assistance.