Cisco Support Community
Community Member

ASA 5510 vpn connection to ASA 5505, making ASA 5510 as a hardware vpn client mode?

Hi am new to cisco..

i want to connect to asa 5505 (office 1) using vpn from ASA 5510(office 2)...

The network guy in office 1 has asked me to setup ASA 5510 has hardware client mode.

i have the following details from office 1

host peer address of office 1 :  A.B.C.D,

phase 1 encryption : DES

phase 1 Authen : SHA

Diffie helman : group 2

Groupname : MNC

IP Schema remote site network :

password : Cisco$123

In asa 5510 ,


ASA Version 8.2(5)
hostname CISCOASA
enable password 5EpARJwwtf4VFC9S encrypted
passwd 5EpARJwwtf4VFC9S encrypted
interface Ethernet0/0
nameif outside
security-level 0
pppoe client vpdn group DADA
ip address pppoe setroute
interface Ethernet0/1
nameif inside
security-level 100
ip address
interface Ethernet0/2
no nameif
no security-level
no ip address
interface Ethernet0/3
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address
ftp mode passive
access-list 124 extended permit esp any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http management
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group DADA request dialout pppoe          
vpdn group DADA localname uaccdifc             
vpdn group DADA ppp authentication pap          
vpdn username DADAKFC password ASASWS         
dhcpd dns
dhcpd address inside
dhcpd enable inside
dhcpd address management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password /hm4tfghc/PTy3tny encrypted
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
: end

What more i need to add to get the vpn connected with ASA 5510?

please help me...

Awaiting the response



ASA 5510 vpn connection to ASA 5505, making ASA 5510 as a hardwa

Hi Ameer,

Only ASA5505 can be configured as hardware vpn client.

In your case, what you can do is to have a site to site vpn connection between ASA5505 and ASA 5510. Please do refer the link below referring to similar topology as yours.




Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries
CreatePlease to create content