
Site to Site VPN using ASA5520 and Cisco 887 ADSL router (ATM interface).

ekkanoocisco
Level 1

Hi,

I am trying to configure a site-to-site VPN using an ASA5520 in my head office and a Cisco 887 ADSL router with an ATM interface in my branch office.

I have configured the 887 router as shown in the configuration below.

crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address XX.XX.XX.XX

!
crypto ipsec transform-set mytransformset esp-3des esp-md5-hmac

!
!
!
crypto map mycryptomap 10 ipsec-isakmp
set peer XX.XX.XX.XX
set transform-set mytransformset
match address 101

!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username username password 7 DSE456CK8750KK
crypto map mycryptomap
!

!
ip route 0.0.0.0 0.0.0.0 Dialer1

ip nat pool mypool YY.YY.YY.YY YY.YY.YY.YY netmask 255.255.255.0
ip nat inside source list 120 interface Dialer1 overload
ip nat inside source route-map nonat pool mypool overload
!
access-list 100 permit ip 0.0.0.0 255.255.255.0 any
access-list 101 permit ip 10.2.2.0 0.0.0.255 172.0.0.0 0.255.255.255 log
access-list 120 permit ip 10.2.2.0 0.0.0.255 any
access-list 130 permit ip 10.2.2.0 0.0.0.255 192.0.0.0 0.255.255.255
access-list 130 permit ip 192.0.0.0 0.255.255.255 10.2.2.0 0.0.0.255

!
!
route-map nonat permit 10
match ip address 130
!

But unfortunately the tunnel is not getting established with the ASA 5520.

I appreciate your help in this matter.

5 Replies

nomair_83
Level 3

Can you ping the ASA outside interface from the router LAN interface? If not, then check the routing first...

And if it pings, then type debug crypto isakmp and paste the logs over here.

Hi,

I am able to ping the public interface of my ASA 5520 WAN.

Please find the attached configuration of my 887 router (the public IP address is fake).

ADSL_RTR#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status

IPv6 Crypto ISAKMP SA

ADSL_RTR#

I tried an extended ping from my 887 router to my LAN IP in the main office.

This is the output I am getting:

ADSL_RTR#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
77.69.xxx.130   89.xxx.43.88    MM_NO_STATE       2004 ACTIVE (deleted)
77.69.xxx.130   89.xxx.43.88    MM_NO_STATE       2003 ACTIVE (deleted)

IPv6 Crypto ISAKMP SA

Hi,

Now my VPN is working fine.

But I am not able to telnet to the router from my main office through the VPN tunnel.

What was your solution in order to establish the VPN site-2-site connection?

I'd love to know, since I'm having a similar problem.

Thank you
