Cisco Support Community
New Member

Site to Site VPN using WAN IP Address -- Cisco ASA and Sonicwall

I am trying to set up a Site to Site VPN using WAN IP addresses. I am doing this because both sites' local networks have the same IP address range.

Below is what I added on my Cisco ASA

X.X.X.X - WAN IP for Site A - Cisco ASA

Y.Y.Y.Y- WAN IP for Site B - Sonicwall

access-list VPN_2_Remote extended permit ip host X.X.X.X host Y.Y.Y.Y

crypto map abs_map 80 match address VPN_2_Remote

crypto map abs_map 80 set peer Y.Y.Y.Y

crypto map abs_map 80 set transform-set ESP_3DES_SHA

tunnel-group Y.Y.Y.Y type ipsec-l2l

tunnel-group Y.Y.Y.Y ipsec-attributes

pre-shared-key *

What else do I need to do?

The tunnel isn't coming up. I want to do VPN only on WAN addresses.

Thanks,

Pratik

4 REPLIES

Site to Site VPN using WAN IP Address -- Cisco ASA and Sonicwall

Pratik,

The way you are creating the crypto ACL is wrong. WAN IPs are never part of encryption. If you know both sites have the same subnet (overlapping), use a policy map. That will fix your problem.

The link below will help you understand things:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml

Thanks

Ajay

New Member

Site to Site VPN using WAN IP Address -- Cisco ASA and Sonicwall

I followed the document.

When I add the static for the policy-nat ACL I created, I get a warning which says 'real-address conflict with existing static'.

This is probably because I already have statics for different local IPs, so I cannot do a static for the whole subnet.

Is there any workaround for this?

Site to Site VPN using WAN IP Address -- Cisco ASA and Sonicwall

Can you post the configuration? Mention what extra you are adding.

New Member

Site to Site VPN using WAN IP Address -- Cisco ASA and Sonicwall

This is what I get.

static (inside,outside) 192.168.10.0  access-list polic-nat

WARNING: real-address conflict with existing static

  TCP inside:192.168.1.28/3389 to outside:X.X.X.X/5389 netmask 255.255.255.255

WARNING: real-address conflict with existing static

  UDP inside:192.168.1.66/1194 to outside:X.X.X.X/1194 netmask 255.255.255.255

WARNING: real-address conflict with existing static

  TCP inside:192.168.1.41/5900 to outside:X.X.X.X/5900 netmask 255.255.255.255

WARNING: real-address conflict with existing static

  UDP inside:192.168.1.41/5900 to outside:X.X.X.X/5900 netmask 255.255.255.255

WARNING: real-address conflict with existing static

  TCP inside:192.168.1.36/3389 to outside:X.X.X.X/7389 netmask 255.255.255.255

WARNING: real-address conflict with existing static

  TCP inside:192.168.1.33/3389 to outside:X.X.X.X/8389 netmask 255.255.255.255

These are all valid statics which we use on our firewall.
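
Added example, not part of the thread and not Cisco's code: a Python script that parses the ASA warning output quoted in the last post and lists which existing port-forward statics have real addresses inside the network being policy-NATed. The 192.168.1.0/24 network used here is an assumption inferred from the inside hosts in the warnings; the thread does not show the polic-nat ACL itself.

```python
import ipaddress
import re

# Warning output copied from the post above (WAN address masked as X.X.X.X there).
ASA_OUTPUT = """\
WARNING: real-address conflict with existing static
  TCP inside:192.168.1.28/3389 to outside:X.X.X.X/5389 netmask 255.255.255.255
WARNING: real-address conflict with existing static
  UDP inside:192.168.1.66/1194 to outside:X.X.X.X/1194 netmask 255.255.255.255
WARNING: real-address conflict with existing static
  TCP inside:192.168.1.41/5900 to outside:X.X.X.X/5900 netmask 255.255.255.255
WARNING: real-address conflict with existing static
  UDP inside:192.168.1.41/5900 to outside:X.X.X.X/5900 netmask 255.255.255.255
WARNING: real-address conflict with existing static
  TCP inside:192.168.1.36/3389 to outside:X.X.X.X/7389 netmask 255.255.255.255
WARNING: real-address conflict with existing static
  TCP inside:192.168.1.33/3389 to outside:X.X.X.X/8389 netmask 255.255.255.255
"""

# "<PROTO> <real_if>:<real_ip>/<port> to <mapped_if>:<mapped_ip>/<port> ..."
STATIC_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<real_if>\S+?):(?P<real_ip>[\d.]+)/(?P<real_port>\d+)"
    r"\s+to\s+(?P<map_if>\S+?):(?P<map_ip>\S+)/(?P<map_port>\d+)"
)

def conflicting_statics(output):
    """Return the existing static entry reported after each conflict warning."""
    entries, expect_entry = [], False
    for line in output.splitlines():
        if line.startswith("WARNING: real-address conflict"):
            expect_entry = True
            continue
        m = STATIC_RE.match(line)
        if expect_entry and m:
            entries.append(m.groupdict())
        if line.strip():          # blank lines between warning and entry are tolerated
            expect_entry = False
    return entries

def hosts_inside(entries, real_net):
    """Unique real (inside) hosts from the entries that fall inside real_net."""
    net = ipaddress.ip_network(real_net)
    ips = {ipaddress.ip_address(e["real_ip"]) for e in entries}
    return [str(ip) for ip in sorted(ips) if ip in net]

if __name__ == "__main__":
    for e in conflicting_statics(ASA_OUTPUT):
        print(e["proto"], e["real_ip"], e["real_port"], "->", e["map_port"])
    print(hosts_inside(conflicting_statics(ASA_OUTPUT), "192.168.1.0/24"))  # assumed network
```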
