
ASA Site to Site VPN

1janwalli
Level 1

Hello

I use an ASA 5510 and an ASA 5505 and want to connect 2 networks via VPN.
ASA software version is 8.41.
Network 1 has address 192.168.90.0
Network 2 has the address 192.168.5.0

I used the site-to-site VPN wizard on both ASAs to create the VPN connection.
Do I need to create an ACL after that?
The PCs on network 1 must have access to a resource in network 2.
How do I create static routing to connect both networks?

Sincerely

Jan

1 Reply

Hi,

If you're following the VPN wizard on ASDM, you should get asked about the protected networks that are going to be communicating through the tunnel (ACLs).

After the wizard finishes it will show the configuration that is going to be applied for this tunnel.

There are several kinds of ACLs that you should be concerned about.

Crypto ACLs --> to encrypt the traffic between sites

NAT ACLs --> to define which traffic is going to be exempt from NAT (interesting traffic)

Interface ACLs --> to permit traffic to flow through the interface

VPN traffic is by default exempt from being checked by the outside interface ACL, so you don't need to worry about it.

If you're doing everything from the CLI you should pay close attention to all the commands and ACLs, but if you're just following the wizard via ASDM, then the ASA should pretty much create the configuration that you need for you (obviously this depends on what configuration is already in place on the ASA).

Hope it helps.


Federico.
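
The three pieces named in the reply, sketched as CLI for the ASA in front of network 1. This is an added example, not part of the original thread and not wizard output. The /24 masks, the 203.0.113.x peer address, the interface names, the crypto parameters, all object, ACL and map names and the key placeholder are assumptions.

```cisco
! Added example. Constructed values: /24 masks, peer 203.0.113.2,
! interface names inside/outside, all names, <PRE-SHARED-KEY>.
object network NET1-LOCAL
 subnet 192.168.90.0 255.255.255.0
object network NET2-REMOTE
 subnet 192.168.5.0 255.255.255.0
!
! 1) Crypto ACL: selects the traffic that is encrypted into the tunnel.
!    The remote ASA needs the mirror image (source and destination swapped).
access-list CRYPTO-NET1-NET2 extended permit ip 192.168.90.0 255.255.255.0 192.168.5.0 255.255.255.0
!
! 2) NAT exemption: on 8.3 and later this is an identity (twice) NAT rule
!    built from objects, not the older "nat 0 access-list" form.
nat (inside,outside) source static NET1-LOCAL NET1-LOCAL destination static NET2-REMOTE NET2-REMOTE
!
! 3) Interface ACL: this default setting lets decrypted VPN traffic bypass
!    the outside interface ACL. With "no sysopt connection permit-vpn" the
!    outside ACL must permit the remote subnet explicitly.
sysopt connection permit-vpn
!
! IKEv1 phase 1 policy (must match the peer)
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 enable outside
!
! Phase 2 transform set and crypto map bound to the crypto ACL above
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address CRYPTO-NET1-NET2
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
!
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>
```

The crypto ACL and the NAT exemption should cover exactly the same source and destination networks; a mismatch between them or with the peer's mirrored ACL is a common reason a tunnel comes up but passes no traffic.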