?
Solved

ASA 5505 (8.2) VPN Tunnel To Amazon VPC

Posted on 2015-02-12
6
Medium Priority
?
454 Views
Last Modified: 2015-02-21
Hello,

I'm trying to establish a VPN tunnel to Amazon Web Services.  I have the VPC setup on the AWS side and configured properly.  Because Amazon advertises a 0.0.0.0/0 route when they initiate the connection, the tunnel on the ASA has to be set to originate-only in the crypto map.  I've made this work fine on 9.0 ASA's, but in this 8.2 ASA the tunnel won't try to initiate even when I try to send traffic across it (in this case to the 192.168.200.0 subnet on the Amazon side).  I've attached the sanitized ASA config.  Can someone give me a clue why the tunnel won't try to initiate?

Thanks,
Toni
ASA5505-Config.txt
0
Comment
Question by:SafetyNet-TC
  • 4
  • 2
6 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40610750
I cannot guess which of obscured addressed is amazon...
0
 

Author Comment

by:SafetyNet-TC
ID: 40611307
There are two tunnels, 44.219.  Both are Amazon.  Amazon allows redundant tunnels.  Both are setup the same way.
0
 

Author Comment

by:SafetyNet-TC
ID: 40611318
Again, the ASA doesn't try to build the tunnels at all, even when traffic is sent to the 192.168.200.0 subnet.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 

Accepted Solution

by:
SafetyNet-TC earned 0 total points
ID: 40612067
It was a dumb misunderstanding....two crypto maps, one interface.  No assignment, renamed AWS to clientVPN and it fired right up.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40612116
Glad you figured it out.
0
 

Author Closing Comment

by:SafetyNet-TC
ID: 40622812
Self resolved.
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question