vpn client to site to site vpn question??

Dear all,
I have a Cisco 887 router that will be connected site-to-site with a Cisco ASA 5510. The Cisco router acts as a client and the ASA as a server.
If I connect to the router using the Cisco VPN client, can I reach the subnets behind the ASA using the site-to-site VPN between the Cisco router and the ASA? Is that possible? If yes, how, and which site-to-site VPN should I use between the router and the ASA, easy or dynamic VPN, taking into consideration that the below is configured on the Cisco router?
Note: I have to use cTCP port 10000 as there is ADSL NAT to the router; without it, the VPN client doesn't work.
!
crypto ctcp port 10000
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group cisco
 key ****
 pool mypool
 acl 101
 save-password

!
crypto isakmp profile ciscocp-ike-profile-1
   match identity group cisco
   client authentication list ciscocp_vpn_xauth_ml_2
   isakmp authorization list ciscocp_vpn_group_ml_2
   client configuration address respond
   virtual-template 1
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-hmac
 mode tunnel
!
crypto ipsec profile CiscoCP_Profile2
 set transform-set ESP-3DES-SHA
 set isakmp-profile ciscocp-ike-profile-1
!
interface Virtual-Template1 type tunnel
 ip unnumbered Vlan10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile2
!

regards,


balaji.bandi
Hall of Fame

This URL has a detailed config as per your requirement; use that document to configure and test.

If you have any issues, post the logs.

 

http://netlabbuilder.net/cisco-ios-site-to-site-ipsec-ikev1-vpn-tunnel-with-cisco-asa/

 

BB


Dear balaji.bandi,

Please refer to my detailed reply and feedback.

 

regards

MinhLeSG
Level 1

Firstly, the router could connect to the ASA using VPN in order to connect the 2 LAN networks of your company. Besides that, it is easier if your 2 LAN networks are not in the same segment.

 

Secondly, you could refer to this link below for the IPSec configuration guide:

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/119425-configure-ipsec-00.html

 

Hopefully, it will help. If there are any problems, please upload the logs or the error details.

Thanks balaji.bandi & MinhLeSG for your replies.
I would like to inform you that the ASA is version 8.0 and the links you provided are for version 9 and above.
To make things clear:
Cisco router pool for VPN client: 192.168.169.1 192.168.169.10
Router LAN network: 172.16.0.0/24
Router WAN is 172.16.10.100, connected to ADSL modem 172.16.10.254. The ADSL modem has a static public IP address which receives the VPN client connection. The VPN client configuration is configured and tested successfully as shown in the original post.

ASA inside: 192.168.0.0/24

ASA outside: 192.168.10.0/24, which, like above, is connected to an ADSL modem having a static public IP address.

 

I need a router and ASA (ver 8) site-to-site VPN configuration in which the VPN client, after connecting to the router, can access the ASA inside.

 

regards