L2L ASA5505

Unanswered Question
Sep 16th, 2008

I wish to set up an L2L between 2 ASA 5505. Both of them have a public IP address on the outside interface and an RFC1918 compliant address on the inside interface.

I've followed the guidelines in this document: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml

However, as expected, the next hop router (belonging to ISP) drops the packets with a private destination address since these networks are unknown.

I figure I have to set up the IPSec in tunnel mode and not transport mode, because in this way the IP source and destination addresses are hidden and they can traverse the public network.

How can I deal with this problem?

The configuration on the 2 ASA is almost the same as the one proposed by the guideline, except for the inside (private) and outside (public) addresses.

Thank you in advance

Marwan ALshawi Wed, 09/17/2008 - 03:32

Can you post your ASA config, so I can assist you with this config?

Carlo Zaina Mon, 09/22/2008 - 00:17

I've attached the configurations of each firewall.

Please note, however, that one firewall has a public IP address on the outside interface, whereas the other has a private IP address, translated from the ISP's router to (In the previous post I wrote both were with a public IP address)

Thank you in advance


