Site-to-site vpn from SRP527W (dynamic IP) to ASA5505 (static IP)

i.whilden · ‎09-07-2011

I'm just starting to get used to the Cisco world.

I have an ASA5505 running which is on a static IP. I have just got an SRP527W for a remote worker and want to create a site-to-site VPN into the ASA.

I have a number of other router of non-cisco brand which just all dial-in and connect no problem.

On other routers I have been abloe to specify the DDNS hostname in the VPN setup so that the ASA can identify it. I'm not sure how I setup the SRP527 to connect to the ASA.

Any helpers out there?

Thanks in advance.

Andrew Hickman · ‎09-07-2011

Hi Ian,

It doesn't cover the ASA, but this might be of use:

https://supportforums.cisco.com/docs/DOC-16927

Regards,

Andy

i.whilden · ‎09-07-2011

Hi Andy,

Thanks for the document. I've looked through and whilst it isn't for the ASA there are some useful things in the PDF. I have been able to get the Tunnel to come up but I changed it to MAIN mode and set the IP in the TunnelGroup on the ASA to match my current dynamic on form the DSL provider.

So it at least proves the boxes talk to each other and that the tunnel will come up if using a fixed IP. I also founs that when making changes to the IPSec they were not being saved correctly. The remote debug showed the SRP using the old settings even after a reboot. So I deleted both the IKE and the IPSec policies and entered new ones and hey presto the tunnel came up striaght away.

I'm now going to put the dynamic settings back in but only after removing the IPSec and IKE policies once more.

Peter Sheridan · ‎03-26-2013

Hi Ian,

How did you go with this? I've got a client that wants to do the same thing and i'm not sure if its possible. My main question is, can you ping both ways? As in can you ping network devices on the remote workers side from the head office site?

Any help you could provide would be greatly appreciated

Cheers

Peter Sheridan