sudo911

Help with VPN setup on Cisco ASA5505 with multiple VLANs

Mon Jun 18, 2012 6:35 am

Hi Guys,

I'm trying to set up a VPN connection for the two PCs in the graphic below. I have the link between the two locations set up and secured; now I just need help with the routing elements.

Can someone let me know what I need to add to the firewall config in order to get this to work? Appreciate any help!

Image

Here is what I have:

SITE A
------
access-list mpls_vpn_sitea extended permit ip host 172.168.199.1 host 172.168.199.2
access-list mpls_vpn_sitea extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0
crypto map mpls_vpn 1 match address mpls_vpn_sitea
crypto map mpls_vpn 1 set peer 172.168.199.2
crypto map mpls_vpn 1 set transform-set ESP-3DES-SHA
crypto map mpls_vpn interface MPLS
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac


SITE B
------
access-list mpls_vpn_siteb extended permit ip host 172.168.199.2 host 172.168.199.1
access-list mpls_vpn_siteb extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0
crypto map mpls_vpn 1 match address mpls_vpn_siteb
crypto map mpls_vpn 1 set peer 172.168.199.1
crypto map mpls_vpn 1 set transform-set ESP-3DES-SHA
crypto map mpls_vpn interface MPLS
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac


Do I need to specify a route between the two networks? What do I need to have for NAT statements?

Thanks!

AWilderbeast

Re: Help with VPN setup on Cisco ASA5505 with multiple VLANs

Mon Jun 18, 2012 10:15 am

Add your NAT exemptions and static routes (or routing protocols if you use them) between each site and you should be good to go!
alexwilloughby.com
CCNA, CCNA Security, MCITP EA
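
What the reply above describes, written out for Site A as an added example that is not part of either post. Assumptions: the LAN-facing interface is named `inside`, the names `NONAT`, `OBJ-LOCAL` and `OBJ-REMOTE` are hypothetical, the angle-bracket values are placeholders, and `TEST-LOCAL` / `TEST-REMOTE` are the `name` aliases already used in the posted crypto ACLs.

```text
! Added example, not from the thread. "inside", NONAT, OBJ-LOCAL and
! OBJ-REMOTE are assumed names; <...> values are placeholders.
!
! ---------- SITE A ----------
! 1. Static route: send traffic for the remote LAN out the MPLS interface
!    toward the peer, so it leaves on the interface that carries
!    "crypto map mpls_vpn".
route MPLS TEST-REMOTE 255.255.255.0 172.168.199.2
!
! 2. NAT exemption. The ASA translates before it evaluates the crypto ACL,
!    so the exempted traffic must be the same LAN-to-LAN pair that
!    mpls_vpn_sitea permits, or packets will not match the tunnel.
!
! 2a. Software before 8.3:
access-list NONAT extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0
nat (inside) 0 access-list NONAT
!
! 2b. Software 8.3 and later (use instead of 2a):
object network OBJ-LOCAL
 subnet <site-a-lan> 255.255.255.0
object network OBJ-REMOTE
 subnet <site-b-lan> 255.255.255.0
nat (inside,MPLS) source static OBJ-LOCAL OBJ-LOCAL destination static OBJ-REMOTE OBJ-REMOTE
!
! With several VLANs behind the ASA, repeat the exemption for each source
! interface whose hosts must reach the remote site, and make sure the
! crypto ACL on both ends covers those subnets.
!
! ---------- SITE B ----------
! Mirror of Site A: swap local and remote, next hop is the other peer.
route MPLS TEST-REMOTE 255.255.255.0 172.168.199.1
!
! ---------- Checks ----------
! Route present and pointing at the MPLS interface:
show route
! Walk a test packet through NAT, routing and the VPN phases:
packet-tracer input inside icmp <local-host> 8 0 <remote-host> detailed
! Encaps/decaps counters should both increase once traffic flows:
show crypto ipsec sa
```

If `show crypto ipsec sa` shows encaps rising on one side with no decaps on the other, compare the two crypto ACLs and the NAT exemptions first; they must be exact mirrors of each other.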
