cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
609
Views
0
Helpful
3
Replies

ASA site to site VPN

nick-williams
Level 1
Level 1

Hello,

I am trying to create a site to site VPN using Cisco ASA and ISR:

As HQ site, I have an ASA 5505 connected to an 1801 ADSL router. Internet access out from the site is OK, and I can http onto the 1801 router from outside. I cannot seem to get to the ASA at all, the logging in the ASA seems to indicate that traffic is being denied by something.

The test site that I am trying to connect also has an 1801 router with the VPN IOS. When trying to create the tunnel, it gives error messages relating to visibility of the ASA peer. (I read this to be much the same as the above issue)

I have a running config of the ASA if it helps - I would appreciate any pointers in this area as this quite urgent for me.

Thanks in advance...

1 Accepted Solution

Accepted Solutions

jmia
Level 7
Level 7
3 Replies 3

jmia
Level 7
Level 7

Hello Nick,

Take a look here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805e8c80.shtml

Hope it helps and please rate posts if it does!

Thanks guys,

I now have the ASA refusing the VPN connection with the error message : "5 Jun 16 2008 05:46:07 713904 Group = x.x.x.x, IP = x.x.x.x, All IPSec SA proposals found unacceptable!"

Phsae 1 seems to be completed but it now falls over here.

zliu81
Level 1
Level 1

You will need to modify the access policies in order to access from outside interface.

Modify the icmp rules so you can see if you can ping from other site to your ASA. Once you make sure the remote site is reachable, use the vpn wizzard and you should be able to get a tunnel up.

Make sure your ASA permit the traffic from your current site,also the isakmp uses UDP port 500 which you need to open.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: