Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

5505 VPN

I have set a site-to-site vpn and seems up and running. I cannot see any trafic going through so there's gottta be something wrong, by ping or anything. Attached is the config. I have tried to open other ports and other things but still can't work.


New Member

Re: 5505 VPN

Your config seems to have a problem. You need to have a static IP on ASA if you are doing site-to-site VPN. Need to remove "dhcpd auto_config outside". Give static public IP to outside int. Not sure why you have crypto enabled on the inside interface and why there is dynamic map. Or maybe you have posted a partial config. If you are not using any remote vpn then you dont need dynamic map there. e.g. your crypto map config should look like this :

crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 set pfs

crypto map outside_map 1 set peer x.x.x.x

crypto map outside_map 1 set transform-set ESP-AES-128-MD5

crypto map outside_map interface outside

crypto isakmp identity address

crypto isakmp enable outside

New Member

Re: 5505 VPN

I am in a 'Lab' environnement which could explain why I have a dynamic IP. I am testing before deployment.

Not even sure why I have a crypto map. Maybe I am missing routing or inside access permit...

Not too sure where to go from here, I guess Cisco stuff needs more understanding before understanding how to do things.

I know that I am missing basic stuff but where. Obviously, I am using the ADSM so there is many places where I can miss something.

New Member

Re: 5505 VPN

I have deleted the VPN trying to troubleshoot but I still cannot ping anything outside but ca surf the web no problem.

I think I have the crypto enabled on the inside probably because I have to create a L2TP vpn to the SBS server si I can RDP to it. otherwise I cannot connect to it, it tries to connect but no response and fails.

Attached is another config but there is something wrong with it again.


Re: 5505 VPN

The DHCP address on the outside isn't a problem, I have configured it that with no issues.

I'm interested to understand what you mean it seems up and running, what is up and running? What do the debugs give you and is the configuration identical on the other side. Can you send the other configuration, also please post a debug of the devices trying to establish the connection.

New Member

Re: 5505 VPN

I was reffering to the VPN. Its up and running and all looks ok. Except probably afew thing in the config that needs cleanup. What was the problem was that I could not ping anytihing from the inside. This was leading me to beleive that I did not have a good VPN.

Here's the 'problems' I have now. I cannot map any network drive on the sbs2003 box even if I try the \\\dir. Is there a way to enable Netbios through vpn.

Crypto is maybe needed since I need to vpn over vpn to properly connect remote office to exchange server (Microsoft L2TP)or is there another way. Maybe the proble is that the SBS box has 2 nic's but it is working ok using 2 Linksys RV-042 for other site to site vpn to the same sbs box.

Thanks for your help