site-site on ASA 5505

shiznity2k · ‎03-18-2013

I have configured site-site on 2 5505s. I am able to ping outside interfaces from both sites but pinging inside interfaces from the ASAs is coming up negative.

Both sites are away from each other and I have not been able to go to site to ping from internal devices. I have a client connected to each of the ASAs, sometimes I can connect to 10.0.0.5 through its wireless interface and try to ping 217.x.x.x but no reply.

Your assistance is always anticipated and appreciated

Jennifer Halim · ‎03-19-2013

I do not see any site-to-site VPN being configured on your ASA yet.

Also, you can check the ip address that is being assigned by browsing to whatismyip.com. It should tell you the external IP Address if there is no proxy server in between your network and the internet.

Secondly, I assume that you are initiating the VPN tunnel from your end towards the far end as base on the description, it seems like your ISP is just doing a PAT on the ISP router.

shiznity2k · ‎03-19-2013

thanks for getting back. I have not set up the tunnels yet because I am still trying to get internal clients to see anywhere outside first before setting anything up.

As it is, I cannot ping remote outside interface or anything outside (8.8.8.8) from inside network behind ASA, that is why I have not gone ahead to configure VPN.

Andrew Phirsov · ‎03-19-2013

You're saying that outisde interface is being assigned private IP address by your ISP via DHCP. To me, that means that all the nat-related stuff is done by ISP. Now you're trying to assign public ip to your outside interface, i.e. 81.x.x.x/24. Are u sure that ISP has address from that subnet on your side? As for what you said that provider uses the same IP as you - it can't be possible. Provider should have different IP from the same subnet.

shiznity2k · ‎03-19-2013

What I mean is, BT provided a static address after installing the line. Also provided was a BT broadband hub which provides wireless signal as well as 4 internal interfaces for wired connections.

My ASA is connected to one of the interfaces on the BT hub. If I connect a device to the hub, I get a 192.168.1.x address and get 81.x.x.x address when i do show my IP in a browser. The ASA also gets a 192.168.1.x address on its outside interface because it is set to its default which is DHCP on outside and inside. Inside addresses are 10.0.0.x/24 because I have assigned 10.0.0.1 as vlan 1 and http 10.0.0.0/24.

I had expected to be able to assign the ASA outside int to the address provided by BT. And it is 81.x.x.x 255.255.255.254 that I was given not /24 as public address

shiznity2k · ‎03-19-2013

At last I got a response from BT that makes sense.

The BT hub which the ASA is connected to should be configured as bridged for the ASA to be assigned the only static address provided.

This way, the hub acts as a connector between the ASA and the line and not as a router broadcasting wireless signal and wired connections to internet and assigning private addresses.

Now I just need to configure the outside interface of the ASA with the static address and PPoE using BT provided username, password and group.