Site-To-Site VPN

Stephen Sisson
Level 1

Hello everyone,

We need some help with a site-to-site VPN from our current location to another customer's site.

We configured both sites' ASA firewalls and see traffic in the logs, but we are not able to connect. Maybe we missed something; we need your help.

Sending both ASA config files created during setup.

I also set the route outside 0 0 to the default gateway on both ASAs; they are able to ping each other.

Thank you

16 Replies

Jouni,

I followed your instructions as requested, because you are the expert and I'm not. You are right, this is working now.

Dude, how amazing you are to see the mess and know what's needed to fix this.

I have another question about the Cisco site-to-site video: why is some of the stuff left out, like the routing outside and the access-list?

What can I do to learn the access-list and NAT commands? I really need to understand when to use what.

Thank you my Friend - you are Awesome

Hi,

I am not sure what video is in question. I probably have not seen it. If I had to guess, I think the video probably presumes that you have a working network setup with the ASA or router and then want to add the L2L VPN connection, and therefore doesn't provide the basic configurations like interfaces, ACLs and routing.

The ACL I mentioned in your configuration above basically tells the ASA what traffic it should send through the L2L VPN connection. So you want to tunnel traffic between these 2 LAN networks, so naturally you configure them as source and destination depending on which side's ASA you are doing the configuration on.

The important thing to notice with NAT is that it's done before any VPN negotiation takes place. So the hosts connecting through the ASA that want to connect to a remote network behind an L2L VPN must have a NAT rule that matches the L2L VPN ACL I mentioned earlier. In other words, we need to tell the ASA that it should NOT do any NAT when the source and destination networks are the networks defined in the L2L VPN ACL.

The NAT0 / NAT Exempt type configuration is usually needed to tell the ASA not to NAT the traffic between these 2 LAN networks. The only exception, I guess, is a situation where you use an ASA purely as a VPN device and no user traffic to the Internet flows through it. In such a setup you can actually leave an ASA without any NAT configurations.

I am not sure if I made any sense in the above. I guess the easier way to explain would be to have specific questions about some aspects of the configurations.

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

- Jouni
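To make the ordering Jouni describes concrete (NAT exemption first, then a crypto ACL that matches the same source and destination), here is an added example for one side of the tunnel. It is not from the thread or from either poster's config files; it assumes ASA 8.4 or later syntax, a local LAN of 192.168.1.0/24, a remote LAN of 192.168.2.0/24, a peer at 203.0.113.2 and a default gateway at 203.0.113.1, all constructed documentation addresses.

```cisco
! Site A ASA (8.4+ syntax; pre-8.3 used "nat (inside) 0 access-list ...")
object network LOCAL-LAN
 subnet 192.168.1.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.2.0 255.255.255.0
!
! NAT exemption (identity NAT). NAT is evaluated before the VPN lookup,
! so without this rule the source is PAT'd to the outside address and
! never matches the crypto ACL below.
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
!
! Crypto ACL: the "interesting traffic" the ASA sends into the tunnel.
! It must mirror the remote side's ACL (source/destination swapped).
access-list L2L-VPN extended permit ip object LOCAL-LAN object REMOTE-LAN
!
! Phase 1 (IKEv1) and Phase 2 parameters; both peers must agree on these
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ipsec ikev1 transform-set L2L-TS esp-aes-256 esp-sha-hmac
!
crypto map OUTSIDE-MAP 10 match address L2L-VPN
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set L2L-TS
crypto map OUTSIDE-MAP interface outside
!
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key <PLACEHOLDER-PSK>
!
! Default route so the peer (and the remote LAN via the tunnel) is reachable
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Verification: packet-tracer should show the identity NAT rule being hit
! and a VPN "encrypt" phase; the sa commands show Phase 1 / Phase 2 state
packet-tracer input inside tcp 192.168.1.10 12345 192.168.2.10 80
show crypto isakmp sa
show crypto ipsec sa
```

Site B gets the same configuration with LOCAL-LAN and REMOTE-LAN swapped and the peer and gateway addresses changed; if packet-tracer shows the flow being translated to the outside address instead of hitting the identity NAT rule, the NAT exemption is missing or does not match the crypto ACL.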
