

VPN site to site between FIREWALLS

Can I have, based on the attached network picture, how to configure a site-to-site VPN from the remote location to the main head office location?

In the remote location I have:

Firewall/router: Make/Model/OS

Cisco ASA5516-X


In the HO location they have:

Firewall/router: Make/Model/OS

Fortigate 3951


I have only a one-way connection from the remote location to the web server (main HO) (THE CONFIGURATION WILL ONLY BE ON MY SIDE, ASA5516-X).


Can I have the steps for VPN site-to-site example configurations?


Thanks, check the attached pic.

amr alrazzaz

Assign this IP to the interface that is connected to the ISP.
If for example on ASA Gi0/0 ---------- ISP
And your ISP gave you for example then with the Cisco logic in mind, you put the first IP on the Gi0/0

Interface gi0/0
ip address
nameif outside
Security-level 0
no shut

And then you have to tell the router where the default route is
ip route (the next IP would be the provider's)

Then of course you have to build your inside LAN network and also NAT the traffic (split-tunneling), if you have to.

Thanks a lot for your great help.


Yes, of course, my network is already configured and working live with users now, but we ordered the static IP address for VPN connectivity recently, after we made our configurations, so what is pending is to configure the static IP address on our network to be reachable.


So the configuration that you sent me is the only thing pending for the static IP to be recognized on my network.

Correct me if I'm wrong.


Thanks again.




amr alrazzaz

Just want to ask about the outside default route on the ASA, because I don't have a router; I have only a core switch connected to the ASA, which is directly connected to the ISP router.


So the configuration of the default route on the ASA will be:


Route outside next hop IP address (IP of the WAN interface of the ISP router, which has the static IP assigned on it?)


Is it correct?





amr alrazzaz

What do you mean Core Switch? Layer 3 Switch? Do you have Routed VLANs?

So you have connected the ISP side to the Switch? So if it's a Layer 3 Switch are you going to assign that IP on the Switch? I don't understand...


This is a layer 2 switch only, but with VLAN creation and DHCP servers for each VLAN, with management IP addresses.


So it's only a layer 2 switch, nothing more, so in that case what's the answer to my question? :)


Thanks, many thanks.

amr alrazzaz

Correct, ASA has routing capabilities also. You need to put a default route on it.

I have a problem after creating the VPN tunnel.

The traffic is clearly not sent via the VPN tunnel but directly to the DSL router and the internet, until it reaches a dead end.


Do you have any idea? Maybe a routing problem? Do I have to make a default route or something?

amr alrazzaz
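
Added example, not part of the original posts: a minimal ASA 9.x site-to-site (IKEv2) configuration covering the outside interface, the default route toward the ISP router, and the identity NAT that keeps VPN-bound traffic from being translated by the normal internet NAT rule and sent out in the clear. All addresses (RFC 5737 and RFC 1918 ranges), the object and map names, the `inside` interface name, the crypto parameters and the pre-shared key placeholder are assumptions; the FortiGate side must be configured with a matching proposal and matching selectors.

```cisco
! Constructed example: every address, name and key below is a placeholder.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
 no shutdown
!
! Default route: next hop is the ISP router's address on the ASA-facing link
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
object network REMOTE-LAN
 subnet 192.168.10.0 255.255.255.0
object network HO-WEB
 host 10.20.0.10
!
! Crypto ACL: only this traffic is "interesting" and enters the tunnel
access-list VPN-TO-HO extended permit ip object REMOTE-LAN object HO-WEB
!
! Identity NAT (NAT exemption): must be evaluated before the dynamic PAT rule,
! otherwise packets are translated, no longer match VPN-TO-HO, and follow
! the default route to the internet unencrypted
nat (inside,outside) source static REMOTE-LAN REMOTE-LAN destination static HO-WEB HO-WEB no-proxy-arp route-lookup
!
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
!
crypto ipsec ikev2 ipsec-proposal HO-PROP
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK-PLACEHOLDER>
 ikev2 local-authentication pre-shared-key <PSK-PLACEHOLDER>
!
crypto map OUTSIDE-MAP 10 match address VPN-TO-HO
crypto map OUTSIDE-MAP 10 set peer 198.51.100.1
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal HO-PROP
crypto map OUTSIDE-MAP interface outside
!
! Verify: show crypto ikev2 sa / show crypto ipsec sa (encaps counters rising)
! packet-tracer input inside tcp 192.168.10.50 12345 10.20.0.10 443
```

In the `packet-tracer` output, the NAT phase should show the identity rule being hit and a VPN encrypt phase should appear; if the dynamic PAT rule is hit instead, the traffic will bypass the tunnel.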