Solved

ASA 5505 (8.2) VPN Tunnel To Amazon VPC

Posted on 2015-02-12
6
411 Views
Last Modified: 2015-02-21
Hello,

I'm trying to establish a VPN tunnel to Amazon Web Services.  I have the VPC setup on the AWS side and configured properly.  Because Amazon advertises a 0.0.0.0/0 route when they initiate the connection, the tunnel on the ASA has to be set to originate-only in the crypto map.  I've made this work fine on 9.0 ASA's, but in this 8.2 ASA the tunnel won't try to initiate even when I try to send traffic across it (in this case to the 192.168.200.0 subnet on the Amazon side).  I've attached the sanitized ASA config.  Can someone give me a clue why the tunnel won't try to initiate?

Thanks,
Toni
ASA5505-Config.txt
0
Comment
Question by:SafetyNet-TC
  • 4
  • 2
6 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40610750
I cannot guess which of obscured addressed is amazon...
0
 

Author Comment

by:SafetyNet-TC
ID: 40611307
There are two tunnels, 44.219.  Both are Amazon.  Amazon allows redundant tunnels.  Both are setup the same way.
0
 

Author Comment

by:SafetyNet-TC
ID: 40611318
Again, the ASA doesn't try to build the tunnels at all, even when traffic is sent to the 192.168.200.0 subnet.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Accepted Solution

by:
SafetyNet-TC earned 0 total points
ID: 40612067
It was a dumb misunderstanding....two crypto maps, one interface.  No assignment, renamed AWS to clientVPN and it fired right up.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40612116
Glad you figured it out.
0
 

Author Closing Comment

by:SafetyNet-TC
ID: 40622812
Self resolved.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question