Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1484
Views
0
Helpful
3
Replies

Configuring Site-to-Site VPN

kepademus
Level 1
Level 1

‎08-20-2012 04:48 AM

I need to configure Site-to-Site VPN (PSK) between two offices. Both offices have ASA 5505 firewall. Office 2 ASA is going to be behind NAT router (ISP) and it's not possible to turn NAT off. There is still a static IP address. Office 1 has a static public IP address and this IP is directly configured to ASA.

Can someone help me a bit. I'm very unfamiliar with ASA. From my understanding the NAT won't be a problem when the VPN connection is started from the device that sits behind the NAT router?

Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎08-20-2012 05:24 AM

You are right, if the ASA behind the NAT initiates the VPN, then the NAT-device doesn't need any forwarding configured. The ASA just needs to be able to connect to the internet. On both ASAs NAT-Traversal needs to be enabled, but thats the default.

You can use the VPN-Wizard in ASDM to configure the VPN. On the ASA with the public IP (wothout NAT) just use the other sides public IP of the NAT-device as the peer adress. With that the VPN should work.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

kepademus
Level 1
Level 1
In response to Karsten Iwen

‎08-20-2012 05:32 AM

Thank you karsten! That was helpful. I don't like wizards so I will try to configure VPN manually with CLI.

0 Helpful

Karsten Iwen
VIP
VIP
In response to kepademus

‎08-20-2012 05:38 AM

CLI is even better! Take a look at the following example and the L2L-section in the config-guide:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml

v8.2: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/site2sit.html

v8.4: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_site2site.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents