Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA site to site VPN

Hello,

I am trying to create a site to site VPN using Cisco ASA and ISR:

As HQ site, I have an ASA 5505 connected to an 1801 ADSL router. Internet access out from the site is OK, and I can http onto the 1801 router from outside. I cannot seem to get to the ASA at all, the logging in the ASA seems to indicate that traffic is being denied by something.

The test site that I am trying to connect also has an 1801 router with the VPN IOS. When trying to create the tunnel, it gives error messages relating to visibility of the ASA peer. (I read this to be much the same as the above issue)

I have a running config of the ASA if it helps - I would appreciate any pointers in this area as this quite urgent for me.

Thanks in advance...

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: ASA site to site VPN

Hello Nick,

Take a look here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805e8c80.shtml

Hope it helps and please rate posts if it does!

3 REPLIES
Gold

Re: ASA site to site VPN

Hello Nick,

Take a look here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805e8c80.shtml

Hope it helps and please rate posts if it does!

New Member

Re: ASA site to site VPN

Thanks guys,

I now have the ASA refusing the VPN connection with the error message : "5 Jun 16 2008 05:46:07 713904 Group = x.x.x.x, IP = x.x.x.x, All IPSec SA proposals found unacceptable!"

Phsae 1 seems to be completed but it now falls over here.

New Member

Re: ASA site to site VPN

You will need to modify the access policies in order to access from outside interface.

Modify the icmp rules so you can see if you can ping from other site to your ASA. Once you make sure the remote site is reachable, use the vpn wizzard and you should be able to get a tunnel up.

Make sure your ASA permit the traffic from your current site,also the isakmp uses UDP port 500 which you need to open.

279
Views
0
Helpful
3
Replies