Site2siteVPN 5510-5505

  • Site2siteVPN 5510-5505

    I'm not sure if this will make sense, but will try to explain the setup I want to do.
    Have one 5510 and two 5505 in different locations and would like to configure the site to site VPN.
    This is just for setting up one of the 5505 appliances:

    So, on the 5510, network is 207.x.x.x (local is 192.168.1.x) and the 5505 is 64.x.x.x (local is 192.168.2.x)

    The peer configuration on the 5510 will be the 64.x.x.x, correct? And vice versa for the 5505, 207.x.x.x, pointing to each other's outside IP.

    Both will use a common preshare key = ciscovpn

    Tunnel group name will be 64.x.x.x, same as the peer name of the 5510. This gets entered into the 5505 as well.

    Local protected will be 192.168.1.x
    Remote protected will be 192.168.2.x
    Vice versa on the 5505

    Does my understanding of this seem correct?
    Tunnel names, preshare key, etc.

    Thanks for reading

  • #2
    Re: Site2siteVPN 5510-5505

    Yep the peer info is correct. Generally the config is identical on both aside from swapping the from and to subnets (inc ACL stuff) and obviously the local config settings regarding no nat.
    I hope that was a generic forum post password of course

    The above is obviously general though. If you have a problem try posting the edited config and we can have a look!
    cheers
    Andy

    Quis custodiet ipsos custodes?


    • #3
      Re: Site2siteVPN 5510-5505

      Originally posted by AndyJG247:
      Yep the peer info is correct. Generally the config is identical on both aside from swapping the from and to subnets (inc ACL stuff) and obviously the local config settings regarding no nat.
      I hope that was a generic forum post password of course

      The above is obviously general though. If you have a problem try posting the edited config and we can have a look!

      What do you mean... "obviously the local config settings regarding no nat"?

      Yeah, the key was just an example.

      Thanks for indicating specifically about the peer IP numbers being different.



      • #4
        Re: Site2siteVPN 5510-5505

        The peer is the side you are connecting to, so each PIX/ASA has an entry for the other side. Each config (VPN aside) has its own setup with subnets etc.
        The VPN config mirrors pretty much, but because each side has its own subnet, the differences are opposite for those parts (if that makes sense).

        i.e.
        The ACL for one side allows traffic from the local 10.0.0.0 /24 network to access the other side's 192.168.0.0 /24 network. This means the config is something like
        access-list vpn permit ip 10.0.0.0 255.255.255.0 192.168.0.0 255.255.255.0
        but the other side would have the opposite
        access-list vpn permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
        (for this example). Your remote protected and local protected.
        cheers
        Andy
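
The mirroring described in posts #2 and #4, as an added example that is not part of the thread and not Cisco tooling: a small Python check that two ends of a tunnel have swapped crypto ACLs and that each side's crypto map peer and tunnel-group name are the other side's outside address. The config snippets are constructed (8.2-style syntax), the addresses 203.0.113.1 and 198.51.100.2 are documentation placeholders for the elided 207.x.x.x and 64.x.x.x, and only `permit ip <net> <mask> <net> <mask>` entries are handled.

```python
import ipaddress
import re

# Constructed sample configs; documentation addresses stand in for the
# thread's elided outside IPs (5510 = 203.0.113.1, 5505 = 198.51.100.2).
ASA_5510 = """\
access-list vpn extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map outside_map 10 match address vpn
crypto map outside_map 10 set peer 198.51.100.2
tunnel-group 198.51.100.2 type ipsec-l2l
"""
ASA_5505 = """\
access-list vpn extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto map outside_map 10 match address vpn
crypto map outside_map 10 set peer 203.0.113.1
tunnel-group 203.0.113.1 type ipsec-l2l
"""

ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)

def parse(cfg):
    """Return crypto ACL (src, dst) networks, crypto map peers, L2L tunnel-group names."""
    crypto_acls = set(re.findall(r"^crypto map \S+ \d+ match address (\S+)$", cfg, re.M))
    pairs = {(ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
             for name, s, sm, d, dm in ACL_RE.findall(cfg) if name in crypto_acls}
    peers = set(re.findall(r"^crypto map \S+ \d+ set peer (\S+)$", cfg, re.M))
    groups = set(re.findall(r"^tunnel-group (\S+) type ipsec-l2l$", cfg, re.M))
    return pairs, peers, groups

def check_pair(cfg_a, outside_a, cfg_b, outside_b):
    """List the mismatches between the two ends of a site-to-site tunnel."""
    (acl_a, peers_a, tg_a), (acl_b, peers_b, tg_b) = parse(cfg_a), parse(cfg_b)
    problems = []
    # Each side's local/remote protected networks must be the other's, swapped.
    if acl_a != {(dst, src) for src, dst in acl_b}:
        problems.append("crypto ACLs are not mirror images")
    for side, peers, groups, remote in (("A", peers_a, tg_a, outside_b),
                                        ("B", peers_b, tg_b, outside_a)):
        if remote not in peers:
            problems.append(f"side {side}: no crypto map peer {remote}")
        if remote not in groups:
            problems.append(f"side {side}: no tunnel-group named {remote}")
    return problems

if __name__ == "__main__":
    print(check_pair(ASA_5510, "203.0.113.1", ASA_5505, "198.51.100.2") or "consistent")
```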
