Re: Problem in configuring IPSec VPN

asfar.zaidi · ‎04-30-2008

Hi Guys

On my remote site I have configure ASA 5510 behind the Telco ADSL Modem which has a dynamic IP , all traffic is patted on ASA and Modem.

On my Head Office VPN will be terminated on Juniper Firewall with static IP address.

But VPN tunnel is not comming up

Regards/Asfar

kapish.mohole · ‎04-30-2008

Hi, to understand it properly, are you trying to create LAN to LAN VPN? Is the IP on outside interface of remote location's ASA dynamically assigned?

Put here both end's ASA VPN config and outside interface config.

Regards

asfar.zaidi · ‎04-30-2008

The IP address on the outside is statically assign because its connected to Telco Router ,

Outside of Telco Router is dynamically assigne as it is ADSL.

kapish.mohole · ‎05-01-2008

Hi, here your IP on outside interface is 10.10.10.6. In order to establish LAN to LAN VPN, on head office VPN router you need to set peer's public IP address for remote ASA but you don't have it as your remote ASA is behind the ADSL router and can not get public IP, you will need static public IP address on outside interface. Make sure isakmp is enabled on outside interface.

Right now VPN can not be established as the ASA outside IP is private IP and VPN traffic initiated from remote office can not reach the ASA. It will reach once ASA has a public IP and you configure that IP as peer on your head office router.

Look at the ADSL router for any possibilities of IP assignment or NAT.

Rate me if this is helping you.

Regards

Kapish