5505 VPN

rkalia1 Sun, 05/04/2008 - 13:03

Your config seems to have a problem. You need to have a static IP on the ASA if you are doing site-to-site VPN. You need to remove "dhcpd auto_config outside". Give a static public IP to the outside int. Not sure why you have crypto enabled on the inside interface and why there is a dynamic map. Or maybe you have posted a partial config. If you are not using any remote VPN then you don't need the dynamic map there. E.g., your crypto map config should look like this:

crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 set pfs

crypto map outside_map 1 set peer x.x.x.x

crypto map outside_map 1 set transform-set ESP-AES-128-MD5

crypto map outside_map interface outside

crypto isakmp identity address

crypto isakmp enable outside
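An added example, not part of the original post or the poster's attachment: a small Python check that applies the points raised above (complete crypto map entry, map and ISAKMP on the outside interface only, no dynamic map entry for a pure site-to-site setup) to an ASA config. The sample config and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample config for illustration; not the poster's attachment.
SAMPLE = """\
crypto dynamic-map outside_dyn_map 20 set pfs
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set transform-set ESP-AES-128-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map outside_map interface inside
crypto isakmp enable inside
"""

# Sub-commands every static site-to-site entry needs, per the post above.
REQUIRED = ("match address", "set peer", "set transform-set")
ENTRY = re.compile(r"crypto map (\S+) (\d+) (match address|ipsec-isakmp dynamic|set [\w-]+)")
BIND = re.compile(r"crypto map (\S+) interface (\S+)")
IKE = re.compile(r"crypto isakmp enable (\S+)")

def audit(config, wan="outside"):
    """Return findings for a site-to-site crypto map terminating on `wan`."""
    entries, bound, ike, findings = {}, {}, set(), []
    for line in map(str.strip, config.splitlines()):
        if m := ENTRY.match(line):
            entries.setdefault((m[1], int(m[2])), set()).add(m[3])
        elif m := BIND.match(line):
            bound.setdefault(m[1], set()).add(m[2])
        elif m := IKE.match(line):
            ike.add(m[1])
    for (name, seq), cmds in sorted(entries.items()):
        if "ipsec-isakmp dynamic" in cmds:
            findings.append(f"{name} {seq}: dynamic map entry (only needed for remote-access VPN)")
            continue
        for req in REQUIRED:
            if req not in cmds:
                findings.append(f"{name} {seq}: missing '{req}'")
    for name in sorted({n for n, _ in entries}):
        if wan not in bound.get(name, ()):
            findings.append(f"{name}: not applied to interface {wan}")
    # Any interface other than the WAN side with a crypto map or ISAKMP enabled.
    for ifc in sorted((set().union(*bound.values()) | ike) - {wan}):
        findings.append(f"crypto enabled on interface {ifc}")
    if wan not in ike:
        findings.append(f"isakmp not enabled on {wan}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the crypto map lines quoted in the post, the check returns no findings.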

I am in a 'Lab' environment, which could explain why I have a dynamic IP. I am testing before deployment.

Not even sure why I have a crypto map. Maybe I am missing routing or inside access permit...

Not too sure where to go from here, I guess Cisco stuff needs more understanding before understanding how to do things.

I know that I am missing basic stuff, but where? Obviously, I am using the ASDM so there are many places where I can miss something.

I have deleted the VPN trying to troubleshoot but I still cannot ping anything outside but can surf the web no problem.

I think I have the crypto enabled on the inside probably because I have to create an L2TP VPN to the SBS server so I can RDP to it. Otherwise I cannot connect to it; it tries to connect but there is no response and it fails.

Attached is another config but there is something wrong with it again.

tj.mitchell Tue, 05/06/2008 - 19:08

The DHCP address on the outside isn't a problem, I have configured it that way with no issues.

I'm interested to understand what you mean by it seems up and running; what is up and running? What do the debugs give you, and is the configuration identical on the other side? Can you send the other configuration? Also, please post a debug of the devices trying to establish the connection.

I was referring to the VPN. It's up and running and all looks OK, except probably a few things in the config that need cleanup. The problem was that I could not ping anything from the inside. This was leading me to believe that I did not have a good VPN.

Here are the 'problems' I have now. I cannot map any network drive on the sbs2003 box even if I try the \\\dir. Is there a way to enable NetBIOS through VPN?

Crypto is maybe needed since I need to VPN over VPN to properly connect the remote office to the Exchange server (Microsoft L2TP), or is there another way? Maybe the problem is that the SBS box has 2 NICs, but it is working OK using 2 Linksys RV-042 for other site-to-site VPN to the same SBS box.

Thanks for your help

