SafetyNet-TC
ASA 5505 (8.2) VPN Tunnel To Amazon VPC
Hello,
I'm trying to establish a VPN tunnel to Amazon Web Services. I have the VPC set up on the AWS side and configured properly. Because Amazon advertises a 0.0.0.0/0 route when they initiate the connection, the tunnel on the ASA has to be set to originate-only in the crypto map. I've made this work fine on 9.0 ASAs, but in this 8.2 ASA the tunnel won't try to initiate even when I try to send traffic across it (in this case to the 192.168.200.0 subnet on the Amazon side). I've attached the sanitized ASA config. Can someone give me a clue why the tunnel won't try to initiate?
Thanks,
Toni
ASA5505-Config.txt
I cannot guess which of the obscured addresses is Amazon...
ASKER
There are two tunnels, 44.219. Both are Amazon. Amazon allows redundant tunnels. Both are set up the same way.
ASKER
Again, the ASA doesn't try to build the tunnels at all, even when traffic is sent to the 192.168.200.0 subnet.
ASKER CERTIFIED SOLUTION
Glad you figured it out.
ASKER
Self resolved.