VPN - Config issue(I think)

Hi folks,

Having a bit of an issue with a site to site VPN I have been playing around with. Config is below and any help would be greatly appreciated!!

I originally tried to put the IP addresses on the interfaces but it did not let me do this, so I just assigned them to a VLAN and put the VLAN on the interface as an access. New to ASA, so go easy on me.


ASA Version 8.2(5)


hostname JBW

enable password oMTVaPwNfvlIcgg4 encrypted

passwd oMTVaPwNfvlIcgg4 encrypted



interface Ethernet0/0

switchport access vlan 10


interface Ethernet0/1

switchport access vlan 11


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


interface Vlan1

no nameif

security-level 100

ip address


interface Vlan2

no nameif

security-level 0

no ip address


interface Vlan10

description WAN

nameif outside

security-level 0

ip address


interface Vlan11

nameif inside

security-level 100

ip address


ftp mode passive

object-group network network-JBW

object-group network JBW


object-group network DDW


access-list outside_1_cryptomap extended permit ip object-group JBW object-group Data

pager lines 24

logging asdm informational

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

route outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set Space esp-aes-256 esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map outside_map 1 set transform-set Space

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption aes

hash md5

group 2

lifetime 86400

telnet timeout 5

ssh outside

ssh outside

ssh timeout 45

console timeout 0

dhcpd auto_config outside


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept


username admin password hCJxRFmes9zprLuZ encrypted

tunnel-group type ipsec-l2l

tunnel-group ipsec-attributes

pre-shared-key *****



prompt hostname context

no call-home reporting anonymous


: end


VPN - Config issue(I think)

Hi John

Please add the following to your configuration:

crypto map outside_map 1 set peer

crypto map outside_map 1 match address outside_1_cryptomap


access-list nonat_inside extended permit ip object-group JBW object-group Data


nat (inside) 0 access-list nonat_inside

Let me know how it goes.

Please rate any helpful posts
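
An added example (not part of the original reply, and not Cisco tooling): a small Python check that each static crypto map entry has a peer, a match ACL and a transform set, and that the ACL and transform set it names are defined. The sample config is constructed from lines in this thread; the peer address 192.0.2.1 is a placeholder, since the thread does not show one.

```python
import re

# Constructed sample: the crypto-related lines from the posted config.
POSTED = """\
access-list outside_1_cryptomap extended permit ip object-group JBW object-group Data
crypto ipsec transform-set Space esp-aes-256 esp-sha-hmac
crypto map outside_map 1 set transform-set Space
crypto map outside_map interface outside
"""

# Crypto map lines the reply asks to add; 192.0.2.1 is a placeholder peer.
SUGGESTED = """\
crypto map outside_map 1 set peer 192.0.2.1
crypto map outside_map 1 match address outside_1_cryptomap
"""

REQUIRED = ("set peer", "match address", "set transform-set")
# [ \t]+ (not \s+) so a keyword with no value cannot swallow the next line.
ENTRY = re.compile(
    r"^crypto map (\S+) (\d+) (set peer|match address|set transform-set)[ \t]+(\S+)",
    re.M,
)


def audit(config):
    """Return findings for every static crypto map entry in the config text."""
    entries = {}
    for name, seq, kind, value in ENTRY.findall(config):
        entries.setdefault((name, int(seq)), {})[kind] = value
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    tsets = set(re.findall(r"^crypto ipsec transform-set (\S+) ", config, re.M))
    findings = []
    for (name, seq), parts in sorted(entries.items()):
        tag = f"{name} {seq}"
        # An entry missing any of these three cannot match traffic or find its peer.
        findings += [f"{tag}: missing '{k}'" for k in REQUIRED if k not in parts]
        acl = parts.get("match address")
        if acl and acl not in acls:
            findings.append(f"{tag}: ACL '{acl}' not defined")
        ts = parts.get("set transform-set")
        if ts and ts not in tsets:
            findings.append(f"{tag}: transform-set '{ts}' not defined")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("after reply", POSTED + SUGGESTED)):
        print(label, audit(cfg) or "OK")
```

The check covers only the crypto map lines; the NAT exemption lines from the reply are not evaluated.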


Re: VPN - Config issue(I think)


It looks like you're using a 5505, so yes, the IP and interface variables are set against the VLAN. You've highlighted your VPN plight but unfortunately provided little detail on what your requirements are:

Do you need to NAT local networks?
Who's connecting to what service in what direction?
Do you need to NAT remote networks?

Please can you provide some further details of what you hope to achieve and any security measures you wish to enforce?

Best Regards


Sent from Cisco Technical Support iPad App