347 Views · 0 Helpful · 1 Replies

L2L VPN Tunnel through Network Based Firewall?

hernandezr1
Level 1

We are trying to initiate a site-to-site VPN tunnel to a 3rd party vendor so that one of our financial apps can connect to their server.  We have Windstream as our ISP and we've connected our FW outside interface to a port on their MPLS router.  We're supposed to traverse their MPLS network and go out of their Network-based firewall and out to the internet.  I can confirm that I can access the internet when I plug my laptop into our ASA5505.  I can also ping the private IP address of the 3rd Party server.  However, my ASA isn't showing any VPN sessions.  How can that be?  I've run all the sh vpn-sessiondb commands, sh crypto ipsec sa, sh crypto ikev1 sa and sh crypto isakmp sa commands but everything says there's no tunnel established?  I'm at a loss as to how it seems to be working but we have no l2l tunnel established.  We're going to test routing traffic over the connection to test the finance application's access to the remote server.

Remote Server IP - 172.20.112.62/24

Router G0/1 - 10.75.100.1/24

Firewall Outside Interface - 10.75.100.254/24

Firewall Inside Interface - 190.69.100.252/24 (Yes, I know it's not an RFC 1918 Standard Private Subnet.  I'm working to change that)

Laptop IP address 190.69.100.23/24; default gateway 190.69.100.252


It's my second week on the job and I'll be working on cleaning up the non-standard internal network IPs.

1 Reply

Peter Koltl
Level 7

You are not mixing up LAN-to-LAN (IPsec) VPN and MPLS VPN, are you? I guess you are already connected to the same MPLS VPN as the 3rd party server. You don't need an IPsec VPN tunnel for IP connectivity but you might need a VPN tunnel to provide encryption.
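The reply's distinction, connectivity versus encryption, is easy to verify from two angles: whether the ASA actually lists an active L2L IKE SA, and whether traffic to the remote server leaves the outside interface as ESP or as plain IP. The script below is an added example written for this thread, not code from either poster or from Cisco. The `show crypto ikev1 sa` text it parses is constructed to approximate the ASA's output format, the peer address 203.0.113.10 is a documentation address standing in for the vendor's VPN peer, and the flow records are hand-built tuples rather than a real capture.

```python
import re
from ipaddress import ip_address

# Constructed sample, approximating "show crypto ikev1 sa" on an ASA when an
# L2L tunnel is up. Not captured from the thread's device; the peer address is
# a documentation address used as a placeholder.
IKEV1_SA_UP = """IKEv1 SAs:

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 203.0.113.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
"""

# Constructed sample for the situation the original poster describes:
# connectivity works, yet no IKE SA exists because nothing ever negotiated one.
IKEV1_SA_NONE = "There are no IKEv1 SAs\n"


def parse_ikev1_sas(output):
    """Return (peer, type, state) for each IKEv1 SA block in the command output."""
    peer_re = re.compile(r"IKE Peer:\s*(\S+)")
    type_re = re.compile(r"Type\s*:\s*(\S+)")
    state_re = re.compile(r"State\s*:\s*(\S+)")
    sas = []
    # Each SA starts with an index number followed by "IKE Peer:".
    for block in re.split(r"\n(?=\d+\s+IKE Peer:)", output):
        peer = peer_re.search(block)
        if not peer:
            continue  # header lines such as "Total IKE SA: 1"
        sa_type = type_re.search(block)
        state = state_re.search(block)
        sas.append((peer.group(1),
                    sa_type.group(1) if sa_type else "?",
                    state.group(1) if state else "?"))
    return sas


def tunnel_established(output, peer):
    """True only if an L2L SA to `peer` has completed phase 1 (MM_ACTIVE/AM_ACTIVE)."""
    return any(p == peer and t == "L2L" and s in ("MM_ACTIVE", "AM_ACTIVE")
               for p, t, s in parse_ikev1_sas(output))


# Second check: what does traffic to the remote server look like on the
# outside interface? ESP (IP protocol 50) or IKE/NAT-T (UDP 500/4500) means it
# is inside a tunnel; a plain TCP/ICMP packet addressed to the server's private
# IP means the MPLS path is carrying it unencrypted.
ESP = 50
UDP = 17
IKE_PORTS = {500, 4500}


def classify_flow(protocol, dst_port, dst_ip, remote_server="172.20.112.62"):
    """Classify one outside-interface flow as 'ipsec', 'cleartext' or 'other'."""
    if protocol == ESP or (protocol == UDP and dst_port in IKE_PORTS):
        return "ipsec"
    if ip_address(dst_ip) == ip_address(remote_server):
        return "cleartext"
    return "other"


# Constructed flow records: (IP protocol number, destination port, destination IP).
SAMPLE_FLOWS = [
    (1, None, "172.20.112.62"),   # the ICMP ping that succeeded in the thread
    (6, 443, "172.20.112.62"),    # the finance application's session
    (50, None, "203.0.113.10"),   # ESP to the hypothetical IPsec peer
]


def audit_flows(flows):
    """Count flows per class; any 'cleartext' hit means the server is reached without IPsec."""
    counts = {"ipsec": 0, "cleartext": 0, "other": 0}
    for protocol, port, dst in flows:
        counts[classify_flow(protocol, port, dst)] += 1
    return counts


if __name__ == "__main__":
    print("tunnel up (sample UP):   ", tunnel_established(IKEV1_SA_UP, "203.0.113.10"))
    print("tunnel up (sample NONE): ", tunnel_established(IKEV1_SA_NONE, "203.0.113.10"))
    print("flow audit:              ", audit_flows(SAMPLE_FLOWS))
```

Run against the two constructed outputs, `tunnel_established` is true only for the first; against the constructed flows, `audit_flows` reports two cleartext flows to 172.20.112.62 and one ESP flow, which is exactly the "reachable but not encrypted" state the reply warns about. Feeding it real `show crypto ikev1 sa` text and a NetFlow or packet-capture export from the outside interface turns the same two functions into a quick audit of whether a negotiated tunnel is actually carrying the application traffic.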