
Cisco 851 ipsec vpn to ASA

craig.eyre
Level 1

Hey All,

Scenario:

I have a Cisco 851 that is connecting to an ASA box. I don't have access to the ASA (outsourced company) but the 851 is local. They initially wanted to run private IPs on the switching side but we told them that's not the standard for our company. So we came up with an option just to allow their tunnel IP through our firewall (IPsec ports only) to connect to the 851. Then use the same interface to connect to the server they need.

I'm only using the fa4 (wan) interface on the 851 with public addressing on both sides.

I can initiate the tunnel and it comes up but can't get any data back. When we test with private addressing on vlan 1 the end user can pass data.

E.g. (not real addressing):

851 = 111.111.111.111 (fa4)

ASA = 222.222.222.222

local server = 111.111.111.112

remote server = 10.10.10.10

When the end user tries to send traffic to 111.111.111.112 (local server) it doesn't hit the tunnel; it tries to go over the internet.

Any ideas? Do I need to use 1 public address on vlan 1 and one on fa4 in order for this to work? He says their crypto map is dynamic so the info should hit the tunnel.

Lost,

Craig

1 Reply

vmoopeung
Level 5

These are some implementation tips for IPsec:

Make certain that you have connectivity between the endpoints of the communication before you configure crypto.

Make sure that either DNS works on the router, or you have entered the CA hostname, if you use a CA.

IPsec uses IP protocols 50 and 51, and IKE traffic passes on protocol 17, port 500 (UDP 500). Make sure these are permitted appropriately.

Be careful not to use the word "any" in your ACL.
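Added example, not part of the original reply and not Cisco tooling: a Python check of the last two tips, run over ACL text in IOS extended-ACL syntax. The ACLs are constructed from the thread's example addresses, the function names are hypothetical, and only `host`, `any`, wildcard masks and `eq` are parsed.

```python
from ipaddress import IPv4Address

PROTO = {"ip": None, "udp": 17, "esp": 50, "ahp": 51}  # IOS keyword -> IP protocol number
PORT = {"isakmp": 500}
ANY = 0xFFFFFFFF

# Constructed samples (thread's example addresses): firewall ACL in front of the 851, and a crypto ACL.
FIREWALL_ACL = """permit udp host 222.222.222.222 host 111.111.111.111 eq isakmp
permit esp host 222.222.222.222 host 111.111.111.111
deny ip any any"""
CRYPTO_ACL = """permit ip host 111.111.111.112 any
permit ip host 111.111.111.112 host 10.10.10.10"""

def _addr(tok, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' into ((base, wildcard), next index)."""
    if tok[i] == "any":
        return (0, ANY), i + 1
    if tok[i] == "host":
        return (int(IPv4Address(tok[i + 1])), 0), i + 2
    return (int(IPv4Address(tok[i])), int(IPv4Address(tok[i + 1]))), i + 2

def parse_ace(line):
    tok = line.split()
    proto = PROTO[tok[1]] if tok[1] in PROTO else int(tok[1])
    src, i = _addr(tok, 2)
    if tok[i] == "eq":          # source-port match: skipped, not evaluated
        i += 2
    dst, i = _addr(tok, i)
    dport = None
    if i < len(tok) and tok[i] == "eq":
        dport = PORT.get(tok[i + 1]) or int(tok[i + 1])
    return {"permit": tok[0] == "permit", "proto": proto, "src": src, "dst": dst, "dport": dport}

def _hit(spec, ip):
    base, wild = spec
    return (int(IPv4Address(ip)) | wild) == (base | wild)

def verdict(aces, proto, src, dst, dport=None):
    """First-match ACL semantics, with the implicit deny at the end."""
    for a in aces:
        if (a["proto"] in (None, proto) and _hit(a["src"], src)
                and _hit(a["dst"], dst) and a["dport"] in (None, dport)):
            return a["permit"]
    return False

def audit(firewall_acl, crypto_acl, peer, local):
    """Return (IPsec flows peer->local that are blocked, crypto ACL lines that use 'any')."""
    fw = [parse_ace(l) for l in firewall_acl.splitlines()]
    flows = {"IKE udp/500": (17, 500), "ESP proto 50": (50, None), "AH proto 51": (51, None)}
    blocked = [n for n, (p, port) in flows.items() if not verdict(fw, p, peer, local, port)]
    uses_any = [l for l in crypto_acl.splitlines()
                if ANY in (parse_ace(l)["src"][1], parse_ace(l)["dst"][1])]
    return blocked, uses_any
```

A blocked AH entry only matters if the tunnel's transform set actually uses AH; many tunnels carry ESP only.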
