Cisco Firewall Site to Site Tunnel Issue


I am trying to create a site to site tunnel using the ASDM wizard on a Cisco ASA 5505.I cannot get the tunnel to connect.

Inside Network A -
Inside A -
Outside A - (Has Real Public Internet Address)

Inside Network B -
Inside B -
Outside B - (Has Real Public Internet Address)

Network B is allowing address through their firewall to create a site to site tunnel. The tunnel and traffic needs to be seen as coming from this address. Network B only allows traffic from and not from

When I go to this location Monitoring > VPN > Easy VPN Client > VPN Connection Status

I see "not tunnel established." When I attempt connect I get the following error.

"The VPN tunnel can be established from the most secure interface of this firewall which is inside Please load the page with the URL from a machine connected to that interface.

This link does not work. It prompts me about security I get a page not found error.

I cannot get the tunnel to connect no matter what changes I try or rerun the Wizard. The tunnel insists on using the inside address. I tried this and it did not work either.

ASA Config on ASA-A using fake ip addresses.

interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address

object-group network REMOTE-SERVERS
description Accessible Servers on Site to Site VPN
network-object host
 network-object host
 network-object host

access-list outside_1_cryptomap extended permit ip object-group REMOTE-SERVERS
access-list inside_nat_outbound extended permit ip host

nat (inside) 1 access-list inside_nat_outbound
nat (inside) 1

access-group outside_access_in in interface outside

crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer
crypto map outside_map 1 set transform-set ESP-AES-128-SHA
crypto map outside_map 1 set reverse-route
crypto map outside_map interface outside

crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 96800

Thanks for your assistance.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Whats you routing like

can you for instance ping ASA a outside interface from ASA b outside interface?
VizroyAuthor Commented:
From the Cisco ASA-A ( I can successfully ping Cisco ASA-B (

I have a server Network A ( and it can reach the internet.

I have 1 route.

route outside 1        

This is a fake ip, but I am using the internet ip for the gateway of my provider.
VizroyAuthor Commented:
No one on Experts Exchange  assisted. I purchased a Cisco support contract and they helped fix the problem.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
VizroyAuthor Commented:
No one on Experts Exchange  assisted. I purchased a Cisco support contract and they helped fix the problem.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.