Solved

ASA 5505 (8.2) VPN Tunnel To Amazon VPC

Posted on 2015-02-12
Last Modified: 2015-02-21
Hello,

I'm trying to establish a VPN tunnel to Amazon Web Services. I have the VPC set up on the AWS side and configured properly. Because Amazon advertises a 0.0.0.0/0 route when they initiate the connection, the tunnel on the ASA has to be set to originate-only in the crypto map. I've made this work fine on 9.0 ASAs, but in this 8.2 ASA the tunnel won't try to initiate even when I try to send traffic across it (in this case to the 192.168.200.0 subnet on the Amazon side). I've attached the sanitized ASA config. Can someone give me a clue why the tunnel won't try to initiate?

Thanks,
Toni
ASA5505-Config.txt
Question by:SafetyNet-TC
6 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 40610750
I cannot guess which of the obscured addresses is Amazon...
 

Author Comment

by:SafetyNet-TC
ID: 40611307
There are two tunnels, 44.219. Both are Amazon. Amazon allows redundant tunnels. Both are set up the same way.
 

Author Comment

by:SafetyNet-TC
ID: 40611318
Again, the ASA doesn't try to build the tunnels at all, even when traffic is sent to the 192.168.200.0 subnet.

Accepted Solution

by:
SafetyNet-TC earned 0 total points
ID: 40612067
It was a dumb misunderstanding... two crypto maps, one interface. No assignment, renamed AWS to clientVPN and it fired right up.
0
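
An added example, not part of the original thread and not taken from the poster's attached config: a Python check for the condition the accepted solution describes, crypto map entries defined under a map name that is not applied to any interface. The sample config is constructed; the ACL name, dynamic map name and peer addresses are assumptions, and only the map names AWS and clientVPN come from the thread.

```python
import re

# Constructed sample, not the poster's config. Peers are documentation-range
# placeholders; acl-amzn and DYN_MAP are assumed names.
BEFORE = """\
crypto map clientVPN 65535 ipsec-isakmp dynamic DYN_MAP
crypto map clientVPN interface outside
crypto map AWS 1 match address acl-amzn
crypto map AWS 1 set peer 203.0.113.10
crypto map AWS 1 set connection-type originate-only
crypto map AWS 2 match address acl-amzn
crypto map AWS 2 set peer 203.0.113.20
crypto map AWS 2 set connection-type originate-only
"""

# Same entries moved under the map that is actually applied to the interface.
AFTER = BEFORE.replace("crypto map AWS ", "crypto map clientVPN ")

# "crypto map <name> <seq> ..." defines an entry in a map set.
ENTRY = re.compile(r"^crypto map (\S+) (\d+) ", re.M)
# "crypto map <name> interface <ifname>" applies a map set to an interface.
BIND = re.compile(r"^crypto map (\S+) interface (\S+)", re.M)


def audit_crypto_maps(config: str) -> dict:
    """Return entries per map, interface bindings, and maps never applied."""
    entries = {}
    for name, seq in ENTRY.findall(config):
        entries.setdefault(name, set()).add(int(seq))
    # An interface holds one crypto map set, so key bindings by interface.
    # Keeping the last binding seen for an interface is an assumption here.
    bindings = {}
    for name, iface in BIND.findall(config):
        bindings[iface] = name
    bound = set(bindings.values())
    # Entries under an unapplied map are never evaluated against traffic,
    # so the tunnel is never initiated.
    unbound = sorted(name for name in entries if name not in bound)
    return {"entries": entries, "bindings": bindings, "unbound": unbound}


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        result = audit_crypto_maps(cfg)
        print(label, "bindings:", result["bindings"], "unbound:", result["unbound"])
```

Running it against the output of `show running-config crypto map` lists any map set whose entries are defined but never applied to an interface.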
 
LVL 61

Expert Comment

by:gheist
ID: 40612116
Glad you figured it out.
 

Author Closing Comment

by:SafetyNet-TC
ID: 40622812
Self resolved.