Announcement

Collapse
No announcement yet.

Site to site connection (ASA to Windows 2008)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Site to site connection (ASA to Windows 2008)

    We are trying to setup a site to site connection from an ASA 5510 to a Windows 2008 R2 server. We can't find much (updated) documentation on the subject. We are very sure we have the ASA side setup correctly. We've never attempted setting this up on Windows. Is there anyone out there that is doing this type of setup? Ideally we would do ASA to ASA but the server is in the cloud and we would like to bypass the monthly charge to place a firewall in front of the cloud server.

  • #2
    Re: Site to site connection (ASA to Windows 200

    Just make sure your phase 1 and phase 2 properties are mirror images of each other on each side. Verify your crypto acl's are correct on both sides (what is encrypted and sent over the tunnel) Verify that wherever this server is hosted that they allow your ipsec vpn traffic to passthrough.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    Comment


    • #3
      Re: Site to site connection (ASA to Windows 200

      I used this to setup the windows side.
      support[dot]microsoft[dot]com/kb/240262

      I know it's not for Windows 2008 but it got me to a point where I can see Main and Quick Mode establish but no traffic is passing. I start a ping fro both ends. From the ASA side, I can see the tunnel up and that the ASA is transmitting (ping from the inside to the Windows server) but nothing is being received.

      Comment


      • #4
        Re: Site to site connection (ASA to Windows 200

        Do you see the tunnel established from the ASA?


        show isakmp sa


        show crypto ipsec sa
        Last edited by auglan; 2nd March 2013, 00:15.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        Comment

        Working...
        X