Cisco 851 ipsec vpn to ASA

Unanswered Question
Jul 9th, 2009

Hey All,

Scenario:

I have a Cisco 851 that is connecting to an ASA box. I don't have access to the ASA (outsourced company) but the 851 is local. They initially wanted to run private IPs on the switching side but we told them that's not the standard for our company. So we came up with an option just to allow their tunnel IP through our firewall (IPsec ports only) to connect to the 851. Then use the same interface to connect to the server they need.

I'm only using the fa4 (wan) interface on the 851 with public addressing on both sides.

I can initiate the tunnel and it comes up but can't get any data back. When we test with private addressing on vlan 1 the end user can pass data.

Eg.(not real addressing)

851 = 111.111.111.111 (fa4)

ASA = 222.222.222.222

local server = 111.111.111.112

remote server = 10.10.10.10

When the end user tries to send traffic to 111.111.111.112 (local server) it doesn't hit the tunnel; it tries to go over the internet.

Any ideas? Do I need to use 1 public address on vlan 1 and one on fa4 in order for this to work? He says their crypto map is dynamic so the info should hit the tunnel.

Lost,

Craig

vmoopeung Wed, 07/15/2009 - 05:54

These are some implementation tips for IPsec:

Make certain that you have connectivity between the endpoints of the communication before you configure crypto.

Make sure that either DNS works on the router, or you have entered the CA hostname, if you use a CA.

IPsec uses IP protocols 50 and 51, and IKE traffic passes on protocol 17, port 500 (UDP 500). Make sure these are permitted appropriately.

Be careful not to use the word any in your ACL.
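
The last two tips written out as IOS access lists with the thread's made-up addresses. This is an added example, not configuration from either poster; the ACL names OUTSIDE-IN and VPN-TRAFFIC are hypothetical, and it assumes the traffic to protect is between the local server and the remote server.

```cisco
! Filter in front of the 851: permit only the IPsec/IKE
! protocols, and only from the ASA peer to the 851.
ip access-list extended OUTSIDE-IN
 ! IP protocol 50 (ESP)
 permit esp host 222.222.222.222 host 111.111.111.111
 ! IP protocol 51 (AH)
 permit ahp host 222.222.222.222 host 111.111.111.111
 ! IKE: protocol 17 (UDP), port 500
 permit udp host 222.222.222.222 host 111.111.111.111 eq isakmp
 deny ip any any log
!
! Crypto ACL (the traffic selected for encryption).
! Too broad, the form the tip warns against:
!   permit ip any any
! Explicit source and destination instead:
ip access-list extended VPN-TRAFFIC
 permit ip host 111.111.111.112 host 10.10.10.10
```

The `log` keyword on the final deny makes dropped packets visible in the router log, which helps confirm whether the peer's traffic is arriving at all.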
