Cisco 851 ipsec vpn to ASA

Hey All,


I have a Cisco 851 that is connecting to an ASA box. I don't have access to the ASA (outsourced company), but the 851 is local. They initially wanted to run private IPs on the switching side, but we told them that's not the standard for our company. So we came up with an option just to allow their tunnel IP through our firewall (IPsec ports only) to connect to the 851. Then use the same interface to connect to the server they need.

I'm only using the fa4 (wan) interface on the 851 with public addressing on both sides.

I can initiate the tunnel and it comes up, but I can't get any data back. When we test with private addressing on vlan 1, the end user can pass data.

Eg.(not real addressing)

851 = (fa4)


local server =

remote server =

When the end user tries to send traffic to (local server), it doesn't hit the tunnel; it tries to go over the internet.

Any ideas? Do I need to use 1 public address on vlan 1 and one on fa4 in order for this to work? He says their crypto map is dynamic, so the info should hit the tunnel.




Re: Cisco 851 ipsec vpn to ASA

These are some implementation tips for IPsec:

Make certain that you have connectivity between the endpoints of the communication before you configure crypto.

Make sure that either DNS works on the router, or you have entered the CA hostname, if you use a CA.

IPsec uses IP protocols 50 and 51, and IKE traffic passes on protocol 17, port 500 (UDP 500). Make sure these are permitted appropriately.

Be careful not to use the word any in your ACL
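
One way to check a router configuration against the tips in the reply above, as an added example that is not part of the original thread. The ACL names (`OUTSIDE-IN`, `VPN-TRAFFIC`) and all addresses are constructed placeholders, and the script only looks at protocols and the keyword `any`, not at whether the addresses match the real peer.

```python
import re

# Constructed sample config (documentation addresses, hypothetical ACL names).
SAMPLE_CONFIG = """\
ip access-list extended OUTSIDE-IN
 permit udp host 192.0.2.10 host 198.51.100.2 eq isakmp
 permit esp host 192.0.2.10 host 198.51.100.2
 deny ip any any log
ip access-list extended VPN-TRAFFIC
 permit ip host 198.51.100.20 any
"""

def parse_acls(config):
    """Return {acl_name: [tokens of each entry]} for named extended ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip access-list extended (\S+)", line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.split())
        else:
            current = None  # any other top-level line ends the ACL block
    return acls

# Protocols listed in the reply: IKE on UDP 500, ESP (50), AH (51).
# Port operators other than "eq" (range, gt, lt) are not evaluated.
REQUIRED = {
    "IKE (UDP 500)": lambda t: t[1] == "udp"
        and ("eq" not in t or "isakmp" in t or "500" in t),
    "ESP (IP protocol 50)": lambda t: t[1] in ("esp", "50"),
    "AH (IP protocol 51)": lambda t: t[1] in ("ahp", "51"),
}

def missing_ipsec_permits(entries):
    """Names of required protocols that no permit entry in the ACL covers."""
    permits = [t for t in entries if len(t) > 1 and t[0] == "permit"]
    return [name for name, ok in REQUIRED.items()
            if not any(t[1] == "ip" or ok(t) for t in permits)]

def crypto_entries_with_any(entries):
    """Permit entries in a crypto ACL whose source or destination is 'any'."""
    return [" ".join(t) for t in entries
            if len(t) > 2 and t[0] == "permit" and "any" in t[2:]]

if __name__ == "__main__":
    acls = parse_acls(SAMPLE_CONFIG)
    print("Not permitted inbound:", missing_ipsec_permits(acls["OUTSIDE-IN"]))
    print("Crypto ACL uses 'any':", crypto_entries_with_any(acls["VPN-TRAFFIC"]))
```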