
lan to lan vpn between ASA and 7200 router

Hi Friends,

I need to set up a LAN-to-LAN VPN between an ASA (at the remote location) and a 7200 router (in our network).

<7200 router (IP Add: 10.10.5.2)>------------------(Internet)------------------<(IP Add: 192.168.12.2) ASA(5510)>---- 192.135.5.0/24 network

I'm going to have the following configuration:

7200 router:

crypto isakmp policy 80

enc des

auth pre-share

group 1

lifetime 3600

crypto isakmp key cisco123 address 192.168.12.2

crypto ipsec transform-set VPNtrans esp-des esp-md5-hmac

crypto map VPNTunnel 80 ipsec-isakmp

set peer 192.168.12.2

set transform-set VPNtrans

match address 110

int fa0/0

ip add 10.10.5.2 255.255.255.192

ip virtual-reassembly

no ip route-cache

speed 100

duplex full

crypto map VPNTunnel

access-list 110 permit ip any 192.135.5.0 0.0.0.255

ASA:

int e0/0

nameif inside

security-level 100

ip add 192.135.5.254 255.255.255.0

int e0/1

nameif outside

security-level 0

ip add  192.168.12.2 255.255.255.240

access-list ACL extended permit ip 192.135.5.0 255.255.255.0 any

route outside 0.0.0.0 0.0.0.0 192.168.12.3 1

isakmp policy 10 auth pre-share

isakmp policy 10 enc des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 3600

crypto ipsec transform-set VPNtran esp-des esp-md5-hmac

crypto map VPN 10 match address ACL

crypto map VPN 10 set peer 10.10.5.2

crypto map VPN 10 set transform-set VPNtran

tunnel-group 10.10.5.2 type ipsec-l2l

tunnel-group 10.10.5.2 ipsec-attributes

pre-shared-key cisco123

crypto map VPN interface outside

isakmp enable outside

dhcpd address 192.135.5.1-192.135.5.250 inside

dhcpd dns 172.15.4.5 172.15.4.6

dhcpd wins 172.15.76.5 172.15.74.5

dhcpd lease 14400

dhcpd ping_timeout 500

dhcpd enable inside

Please verify the configuration and correct me if I missed something. I'm in a critical situation right now...

Please advise...

Thanks a lot...

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: lan to lan vpn between ASA and 7200 router

Where is it failing at the moment?

Can you share the output of the following after trying to establish the VPN tunnel:

show cry isa sa

show cry ipsec sa

Please also run the following debug to see where it is failing:

debug cry isa

debug cry ipsec
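
Before collecting debugs, the two IKE phase 1 policies posted above can be compared offline. The script below is an added example, not part of the original thread: it parses both policy styles, fills in omitted keywords, and reports where the peers disagree and which settings are legacy algorithms. The function names, the embedded sample text, and the default values (classic IOS defaults, e.g. `hash sha` when no hash is configured) are assumptions of this example.

```python
import re

# Assumption: classic IOS defaults for keywords a policy omits (the ASA lines below set all).
DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig",
            "group": "1", "lifetime": "86400"}
MUST_MATCH = ("encryption", "hash", "authentication", "group")
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1"}}  # legacy algorithms

# Constructed sample input: the phase 1 lines of the two posted configurations.
ROUTER_CFG = """crypto isakmp policy 80
 enc des
 auth pre-share
 group 1
 lifetime 3600
crypto isakmp key cisco123 address 192.168.12.2
"""
ASA_CFG = """isakmp policy 10 auth pre-share
isakmp policy 10 enc des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 3600
"""

def expand(word):
    hits = [k for k in DEFAULTS if k.startswith(word)]  # enc -> encryption, auth -> ...
    return hits[0] if len(hits) == 1 else None

def parse_policies(cfg):
    # Return {priority: params} for IOS block style and ASA one-line style.
    policies, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"\s*(?:crypto )?isakmp policy (\d+)\s*(.*)", line)
        if m:
            current = policies.setdefault(m.group(1), dict(DEFAULTS))
            rest = m.group(2).split()
        elif line.startswith(" ") and current is not None:
            rest = line.split()          # indented sub-command of an IOS policy block
        else:
            current, rest = None, []     # any other top-level line ends the block
        if current is not None and len(rest) >= 2 and expand(rest[0]):
            current[expand(rest[0])] = rest[1]
    return policies

def mismatches(a, b):
    return [k for k in MUST_MATCH if a[k] != b[k]]  # keywords the peers disagree on

def weak_settings(p):
    return [f"{k} {p[k]}" for k in WEAK if p[k] in WEAK[k]]
router, asa = parse_policies(ROUTER_CFG)["80"], parse_policies(ASA_CFG)["10"]
print("mismatch:", mismatches(router, asa), "| weak on ASA:", weak_settings(asa))
```

With the sample input, the router policy has no `hash` line and falls back to the assumed default, while the ASA policy sets `md5`, so the script reports a hash mismatch in addition to the DES, MD5 and group 1 settings.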
