asa site to site vpn

hamed alaz · ‎11-27-2018

we have centralize ASA 5525 and we want to create vpn with location 1 and 2

we already created site to site vpn with location 1

gateway is 134.x.x.x

now we want to add anoter site-to-site vpn with location 2

gateway of location 2 is 62.x.x.x.x

the tunnel with location 1 is working

but not working with location 2

attachment include the configuration

Sheraz.Salim · ‎11-28-2018

You could set up the ASA with a dynamic crypto map. That way the ASA will accept VPN connections from dynamically assigned IPs on the remote host, so long as all other parameters match up the vpn will be established.

Have a look at this link for the configuration:

https://www.fir3net.com/Firewalls/Cisco/how-to-configure-a-cisco-asa-site-to-site-vpn-between-a-static-and-dynamic-ip-based-peers.html

please do not forget to rate.

Kasun Bandara · ‎11-28-2018

Hi,

at point 1 i saw you have 2 default routes.

route outside 0.0.0.0 0.0.0.0 134.x.x.x 1

route outside 0.0.0.0 0.0.0.0 62.x.x.x 1

i am not sure what is the exact use of 'em. i suggest to remove them and add only one default route to your internet provider's gateway IP (as i guess its withing range 134.x.x.x - route 1). VPN traffic routing is automatically doing with the 'match' command ACL in VPN crypto MAP settings.

regards,

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB