I am somewhat of a newbie at this stuff but I am trying to set up a site to site vpn using two Cisco ASA 5505's. I went through the wizard on the ADSM but I can't seem to get the tunnel to come up. I have it set up as follows:
Comp #1 --- cat5 --- (inside)ASA #1(outside) --- cat5 --- (outside)ASA #2(inside) --- cat5 --- Comp #2
IP addresses: Comp 1: 134.133.56.101 ASA 1 Inside: 134.131.56.251 ASA 1 Outside: 209.165.200.226 ASA 2 Outside: 209.165.200.236 ASA 2 Inside: 134.133.57.252 Comp 2: 134.133.57.102 Note: theses are static and will not be hooked up to the internet at any time. IP addresses were arbitrarily chosen.
Comp 1 can ping ASA 1 ASA 1 can ping ASA 2(inside only) ASA 2 can ping ASA 1(inside and outside) Comp 2 can ping ASA 2
I just tried the crossover and that didn't seem to do any thing. I have been messing with ASA 1 too much so ASA 2 actually has the config that is closer to being right. I have posted that down below. If you have any questions please ask. Any help is greatly appreciated.
CONFIG FOR ASA 2:
: Saved : ASA Version 8.0(4) ! hostname ciscoasb enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names name 134.133.56.0 inside-network2 ! interface Vlan1 nameif inside security-level 100 ip address 134.133.57.252 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 209.165.200.236 255.255.255.0 ! interface Vlan5 no forward interface Vlan1 nameif dmz security-level 50 ip address dhcp ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive access-list outside_1_cryptomap extended permit ip 134.133.57.0
255.255.255.0 inside-network2 255.255.255.0 access-list inside_nat0_outbound extended permit ip 134.133.57.0 255.255.255.0 inside-network2 255.255.255.0 access-list outside_access_in extended permit ip any any pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 mtu dmz 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-613.bin no asdm history enable arp timeout 14400 nat (inside) 0 access-list inside_nat0_outbound nat (inside) 0 0.0.0.0 0.0.0.0 access-group outside_access_in in interface outside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip- disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute dynamic-access-policy-record DfltAccessPolicy http server enable http 134.133.0.0 255.255.0.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs crypto map outside_map 1 set peer 209.165.200.226 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map 1 set security-association lifetime seconds 28800 crypto map outside_map 1 set security-association lifetime kilobytes 4608000 crypto map outside_map interface outside crypto isakmp enable inside crypto isakmp enable outside crypto isakmp enable dmz crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside !threat-detection basic-threat threat-detection statistics host threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list no threat-detection statistics tcp-intercept group-policy DfltGrpPolicy attributes vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn tunnel-group DefaultL2LGroup ipsec-attributes pre-shared-key * tunnel-group 209.165.200.226 type ipsec-l2l tunnel-group 209.165.200.226 ipsec-attributes pre-shared-key * ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global prompt hostname context Cryptochecksum:ddfe8555ed8e621f9981d66890e80365 : end asdm image disk0:/asdm-613.bin asdm location inside-network2 255.255.255.0 inside no asdm history enable