How to create a site-to-site VPN with a SA520w and an ASA5510

I am looking for some direction or specific examples of setting up a site-to-site VPN using the SA520w and an ASA5510. The 520 is at the remote location and the ASA is at the main office. Traffic needs to flow in both directions. I have done some tests using the wizards on both devices and have had success creating the VPN, but have not been able to get traffic to route through the tunnel. Any help would be greatly appreciated.

Accepted Solutions

Re: How to create a site-to-site VPN with a SA520w and an ASA551

Actually, you can have different subnets on a single IPSEC tunnel with the SA500.

To do this, create 1 IKE Policy.

Then, create several VPN Policies with the different IP address ranges. On each of these VPN Policies, select the same IKE profile.


Re: How to create a site-to-site VPN with a SA520w and an ASA551

The basic idea is to make sure the whole subnet is allowed through the VPN tunnel. The ASA is an enterprise device and is considerably more robust in capabilities; however, the SA is slightly more limited in the fact that you cannot route multiple subnets through the VPN tunnel.

Make sure you have the SA set to allow the remote subnet access to the local network.

One thing I have not tried is setting up a "supernet" if you will.

For example....

Site A has 5 networks with the 192.168.x.x prefix and a subnet mask of /24.

Site B has 5 networks with the 10.2.x.x prefix and the subnet mask of /24.

Site A will advertise 192.168.0.0 /16 through the VPN tunnel and Site B will advertise 10.2.0.0 /16 the opposite way.

Therefore, if Site A has the SA, you could set the remote LAN IP to 10.2.0.0 / 255.255.0.0.

I have not personally tested this but I think it could be done and actually work. If you do try this, please let us know how it goes.

Bill

P.S. Does the tunnel actually connect, or does the status stay as IPSec not established?
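
Added example, not part of any post in this thread: a Python sketch that compares the /16 supernet selector suggested above with the per-subnet VPN policies from the accepted solution, counting how many unused addresses each selector admits into the tunnel and checking that the two peers' selectors mirror each other. The third octets (1 to 5) and the one-policy-per-subnet-pair layout are assumptions; the thread gives only the prefixes and masks.

```python
import ipaddress
from itertools import product

# Constructed sample subnets: the post only says "5 networks" of /24 per site.
SITE_A = [ipaddress.ip_network(f"192.168.{i}.0/24") for i in range(1, 6)]
SITE_B = [ipaddress.ip_network(f"10.2.{i}.0/24") for i in range(1, 6)]


def covering_supernet(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    net = subnets[0]
    while not all(s.subnet_of(net) for s in subnets):
        net = net.supernet()
    return net


def excess_addresses(selector, subnets):
    """Addresses the selector admits that belong to no real subnet."""
    used = sum(n.num_addresses for n in ipaddress.collapse_addresses(subnets))
    return selector.num_addresses - used


def per_subnet_policies(local, remote):
    """One (local, remote) selector pair per VPN policy, all sharing one IKE policy."""
    return list(product(local, remote))


def mirrored(side_a, side_b):
    """True when side B's selectors are side A's with local and remote swapped."""
    return {(r, l) for l, r in side_a} == set(side_b)


if __name__ == "__main__":
    proposed = ipaddress.ip_network("10.2.0.0/16")   # supernet from the post
    tight = covering_supernet(SITE_B)                 # narrowest single prefix
    print("proposed", proposed, "excess", excess_addresses(proposed, SITE_B))
    print("tightest", tight, "excess", excess_addresses(tight, SITE_B))
    a_side = per_subnet_policies(SITE_A, SITE_B)
    b_side = per_subnet_policies(SITE_B, SITE_A)
    print(len(a_side), "per-subnet policies, mirrored:", mirrored(a_side, b_side))
```

With these sample subnets the narrowest single prefix is a /21 rather than a /16, and only the per-subnet policies admit no unused address space.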


Re: How to create a site-to-site VPN with a SA520w and an ASA551

Thanks for the help. As it turned out, we ended up using a 5505 to connect to the 5510; this ended up being a better solution than the SW 520.
