Cisco ASA 5505

dances1960
dances1960 used Ask the Experts™
on
Hi

I am trying to create a site to site VPN on two ASA 5505's , I have already have three VPN's working so don't feel confident making changes so I'm using the ADSM for ease.
This remote site has an internal address of192.168.6.0 but we have just changed ISP providers and the set up they use has confused me as to which range I use.
The router has an IP address of 10.0.2.27, gateway 10.0.2.25 which then translates to a public IP address of lets say 1.1.1.1.
I have this side packet transferring to my main office ok but from the main office I am unsure how to configure the site to site.
Do I use the inside network address range of 192.168.6.0 ? I cant seem to get the main office site to site working or should I be using the 10.0.2.27 address somewhere?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Pete LongTechnical Consultant
Commented:
You would set the 'peer' address as 1.1.1.1 and you would set the destination 'subnet' or 'network address' as 192.168.6.0/24.

Cisco ASA5500 Site to Site VPN from ASDM
Pete
Systems Engineer
Commented:
You should check on your provider if the static ip adress is exclusive to your upstream. To set up the Site2Site VPN you would need to specifiy the ip address 1.1.1.1 as peer address on your main office firewall.

Since you are using ASDM you would need to specifiy a local and remote network range which are the network ranges which should be able to communicate with each other over the IPSEC VPN tunnel.

If the tunnel does not form even though you did use the correct parameters for Peer IP address and cryptomap entry (local & remote network) make sure you have NAT-T enabled.

Author

Commented:
Thank you for your help, all working now.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial