I have a Cisco ASA 5520 and I would like to create a VPN Site to Site.
I'm not a network administrator but I have to do this VPN. I'm using the Wizard, in the Remote Site Peer window I have to select a Pre Shared Key. Is this key mine or from the peer?
Do you have any suggestions to create this VPN?
A Site to Site VPN is different than a Remote Access VPN. If you are using the wizards in ASDM there is an option for both when you start the VPN wizard (See attached screenshot). You can use a PSK in both scenarios and like stated before, the PSK has to be used on both ends. When using a PSK for remote access clients, there is an option for inserting that into the configuration on the client.
Configuring VPN for remote access does require answering some questions such as What policies do you want to enforce in Phase 1 and Phase 2? How do you want to authenticate users? What resources do you want to be made available to remote users? And many more. If you are relatively new to configuring VPNs, I suggest digging into the configuration examples and technotes to get a better understanding.
Good luck with everything. It's not too hard once you get your first one done.
Yes it is a VPN Site to Site that I want to create.
In wizard I checked VPN Tunnel type : Site to Site
VPN Tunnel Interface : OUTSIDE
Enable Inbound IPsec
IKE Policy :
Diffie-Hellman Group 5
IPSec Rule :
AES-256 SHA Group 1
Local Network : my server
Remote Network : subnet from client
After finishing, I have a rule in ACL Manager in VPN for Outside_1_cryptomap with the networks which I selected.
Do I have to add some other rules in the firewall too?
The VPN Site to Site is configured.
In the Monitoring from ASA I have some errors like :
4|May 04 2012|11:57:01|402116|Client-PublicIP||188.8.131.52||IPSEC: Received an ESP packet (SPI= 0x2AF9D901, sequence number= 0x3) from Client-PublicIP (user= 184.108.40.206) to 220.127.116.11. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as 18.104.22.168, its source as Client-PublicIP, and its protocol as 1. The SA specifies its local proxy as DMZ2/255.255.255.255/0/0 and its remote_proxy as Client-Subnet/255.255.255.0/0/0.
What is wrong?
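A way to read the 402116 message above field by field, as an added example that is not part of the original posts: it parses the inner packet's source, destination and protocol and checks each against the local and remote proxies the SA negotiated. The function name `check_402116`, the sample line and the `NAMES` mapping are constructed for illustration, with documentation and private addresses standing in for the names shown in the log.

```python
import ipaddress
import re

# Fields of an ASA 402116 message: inner packet selectors, then the SA proxies.
MSG_402116 = re.compile(
    r"destination as (?P<dst>\S+), its source as (?P<src>\S+), "
    r"and its protocol as (?P<proto>\d+)\. The SA specifies its local proxy as "
    r"(?P<l_net>[^/\s]+)/(?P<l_mask>[^/\s]+)/(?P<l_proto>\d+)/\d+ "
    r"and its remote_proxy as (?P<r_net>[^/\s]+)/(?P<r_mask>[^/\s]+)/(?P<r_proto>\d+)/\d+"
)

# Constructed sample; names stand in for addresses, as in the log above.
SAMPLE = (
    "IPSEC: Received an ESP packet (SPI= 0x1, sequence number= 0x3) from "
    "Client-PublicIP (user= Client-PublicIP) to 203.0.113.1. The decapsulated "
    "inner packet doesn't match the negotiated policy in the SA. The packet "
    "specifies its destination as 192.0.2.10, its source as Client-PublicIP, "
    "and its protocol as 1. The SA specifies its local proxy as "
    "DMZ2/255.255.255.255/0/0 and its remote_proxy as "
    "Client-Subnet/255.255.255.0/0/0."
)
# Constructed name-to-address mapping (documentation and private ranges).
NAMES = {"Client-PublicIP": "198.51.100.7", "DMZ2": "192.0.2.10",
         "Client-Subnet": "10.20.30.0"}


def check_402116(line, names=None):
    """Return (field, packet value, SA selector) for each selector mismatch."""
    names = names or {}
    m = MSG_402116.search(line)
    if m is None:
        raise ValueError("not a 402116 message")
    addr = lambda key: names.get(m[key], m[key])
    net = lambda n, k: ipaddress.ip_network(f"{addr(n)}/{m[k]}", strict=False)
    src, dst = ipaddress.ip_address(addr("src")), ipaddress.ip_address(addr("dst"))
    local, remote, proto = net("l_net", "l_mask"), net("r_net", "r_mask"), m["proto"]
    problems = []
    if dst not in local:    # destination must sit inside our local proxy
        problems.append(("destination", str(dst), str(local)))
    if src not in remote:   # source must sit inside the peer's remote proxy
        problems.append(("source", str(src), str(remote)))
    for side in ("l_proto", "r_proto"):  # protocol 0 in the SA means "any"
        if m[side] not in ("0", proto):
            problems.append(("protocol", proto, m[side]))
    return problems


if __name__ == "__main__":
    for field, got, expected in check_402116(SAMPLE, NAMES):
        print(f"{field}: packet has {got}, SA allows {expected}")
```

A `source` mismatch means the peer encrypted a packet whose source address lies outside the remote proxy that both ends negotiated, so the protected-network definitions (and any NAT applied before encryption) on the two ends are the things to compare.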