Solved

ASA 5505 (8.2) VPN Tunnel To Amazon VPC

Posted on 2015-02-12
Last Modified: 2015-02-21
Hello,

I'm trying to establish a VPN tunnel to Amazon Web Services. I have the VPC set up on the AWS side and configured properly. Because Amazon advertises a 0.0.0.0/0 route when they initiate the connection, the tunnel on the ASA has to be set to originate-only in the crypto map. I've made this work fine on 9.0 ASAs, but on this 8.2 ASA the tunnel won't try to initiate even when I try to send traffic across it (in this case to the 192.168.200.0 subnet on the Amazon side). I've attached the sanitized ASA config. Can someone give me a clue why the tunnel won't try to initiate?

Thanks,
Toni
ASA5505-Config.txt
0
Question by:SafetyNet-TC
6 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40610750
I cannot guess which of the obscured addresses is Amazon...
0
 

Author Comment

by:SafetyNet-TC
ID: 40611307
There are two tunnels, 44.219. Both are Amazon. Amazon allows redundant tunnels. Both are set up the same way.
0
 

Author Comment

by:SafetyNet-TC
ID: 40611318
Again, the ASA doesn't try to build the tunnels at all, even when traffic is sent to the 192.168.200.0 subnet.
0

 

Accepted Solution

by:
SafetyNet-TC earned 0 total points
ID: 40612067
It was a dumb misunderstanding... two crypto maps, one interface. No assignment, renamed AWS to clientVPN and it fired right up.
0
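An ASA interface takes a single crypto map, so entries under a second map name stay inactive unless they are moved into the applied map under their own sequence numbers. The following check for that state is an added example, not from the thread or the attached config; the map names AWS and clientVPN come from the accepted solution, and the interface name, ACL names, DYN_MAP and peer addresses are assumptions in a constructed sample.

```python
import re
from collections import defaultdict

# Constructed sample, not the poster's attached config. Map names AWS and
# clientVPN come from the thread; "outside", the ACL names, DYN_MAP and the
# peer addresses (documentation range) are assumptions.
SAMPLE_CONFIG = """\
crypto map clientVPN 65535 ipsec-isakmp dynamic DYN_MAP
crypto map clientVPN interface outside
crypto map AWS 1 match address acl-aws-1
crypto map AWS 1 set peer 203.0.113.10
crypto map AWS 1 set connection-type originate-only
crypto map AWS 2 match address acl-aws-2
crypto map AWS 2 set peer 203.0.113.20
crypto map AWS 2 set connection-type originate-only
"""

BIND_RE = re.compile(r"^crypto map (\S+) interface (\S+)$")
ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) \S")


def parse_crypto_maps(config_text):
    """Return ({map name: set of sequence numbers}, {map name: interface})."""
    entries, bound = defaultdict(set), {}
    for raw in config_text.splitlines():
        line = raw.strip()
        bind = BIND_RE.match(line)
        entry = ENTRY_RE.match(line)
        if bind:
            bound[bind.group(1)] = bind.group(2)
        elif entry:
            entries[entry.group(1)].add(int(entry.group(2)))
    return dict(entries), bound


def unbound_maps(config_text):
    """Crypto maps that have entries but are applied to no interface.

    Their match-address ACLs are never evaluated, so interesting traffic
    does not start IKE; this is the state the accepted solution describes.
    """
    entries, bound = parse_crypto_maps(config_text)
    return {name: sorted(seqs) for name, seqs in entries.items() if name not in bound}


if __name__ == "__main__":
    for name, seqs in unbound_maps(SAMPLE_CONFIG).items():
        print(f"crypto map {name} (entries {seqs}) is not applied to any interface")
```

Running it against `show running-config crypto map` output saved to a file flags any map name that carries tunnel entries but no `interface` line.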
 
LVL 62

Expert Comment

by:gheist
ID: 40612116
Glad you figured it out.
0
 

Author Closing Comment

by:SafetyNet-TC
ID: 40622812
Self resolved.
0
