Initiating/Forcing VPN Tunnel connections

Unanswered Question
Feb 12th, 2010
User Badges:

Greetings,


I'm attempting to force/initiate a Cisco ASA VPN tunnel connection from a remote location and I'm wondering if there is a way to make the Isakmp and Ipsec SAs come up from either the command prompt or from the ASDM.


In the past when configurting VPN tunnels (correct me if I'm wrong) I've had a host on either end of each ASA that I've been able to run a PING from that eventually forced the tunnel to come up on both sides. I'm creating these tunnels remotely and don't have that luxury.


The ASAs are 5550s and I do have SSH/HTTP access to them both.


Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Federico Coto F... Fri, 02/12/2010 - 12:51
User Badges:
  • Green, 3000 points or more

Hi,


If you enter the command:


management-access inside


Then you can do a:


ping inside 1.1.1.1


assuming that the 1.1.1.1 is an IP at the other end of the tunnel (part of the interesting traffic), and that the local interface is named ''inside''


In this way, you can bring up the tunnel from either ASA (without having any host on the local network to test with).


The only things to keep in mind is that the inside IP of the ASA should be part of the interesting traffic for this to work.


Let me know.


Federico.

Actions

This Discussion