2.14.8 How to Set Up Site-to-Site VPN in Cisco ASA5500 Firewall with Cisco ASDM

1 Introduction

This tutorial demonstrates how to set up a site-to-site VPN on our hardware firewall. The peer device (client end) must use the same parameters to set up the site-to-site VPN.

2 Define the parameters in device

2.1 Peer IP information

The peer IP must be the IP address of the hardware firewall or router itself, not an IP behind the firewall or router.
The left panel shows the parameters on the client end. The right panel shows the parameters on the Database Mart firewall.

2.2 IKE Parameters

  • IKE Encryption: DES or 3DES
  • Authentication Method: MD5 or SHA
  • Diffie-Hellman Group: Group 1 or Group 2
  • Security Association Lifetime (sec): Less than 24 hours (86400 sec)

2.3 IPSEC Parameters

  • IPSEC Encryption: DES or 3DES
  • Authentication Method: MD5 or SHA
  • Diffie-Hellman Group: Group 1 or Group 2
  • Security Association Lifetime (sec): Less than 24 hours (86400 sec)

2.4 Pre-shared key and network IP

  • The Shared Secret Key must be the same on both peer devices.
  • The Client Source IP Address must be in a different IP range. These are the IPs behind the device.
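
The requirement that both peers use the same parameters can be checked before the wizard is run. The following is an added example, not part of the original tutorial or of Cisco's tooling: it parses the "crypto isakmp policy" blocks (ASA 8.2 CLI syntax) from both ends, reports which policies are identical, and flags the weaker choice of each allowed pair (DES, MD5, Group 1) and any lifetime above 86400 seconds. The function names and both sample configurations are hypothetical.

```python
import re

# Constructed sample input: isakmp policy blocks in ASA 8.2 CLI syntax, one string per peer.
LOCAL_CFG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
"""
PEER_CFG = """\
crypto isakmp policy 5
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 28800
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
"""
MAX_LIFETIME = 86400  # seconds; the 24-hour figure from section 2.2, read here as a ceiling
WEAKER = {"encryption": "des", "hash": "md5", "group": "1"}  # weaker option of each allowed pair

def parse_policies(cfg):
    """Return {priority: {keyword: value}} for each isakmp policy block (hypothetical helper)."""
    blocks = re.findall(r"^crypto isakmp policy (\d+)\n((?: \S+ \S+\n)+)", cfg + "\n", re.M)
    return {int(prio): dict(l.split() for l in body.splitlines()) for prio, body in blocks}

def audit(local_cfg, peer_cfg):
    """Return (identical (local, peer) policy priority pairs, list of findings)."""
    sides = {"local": parse_policies(local_cfg), "peer": parse_policies(peer_cfg)}
    pairs = [(lp, pp) for lp, lpol in sorted(sides["local"].items())
             for pp, ppol in sorted(sides["peer"].items()) if lpol == ppol]
    findings = []
    for side, policies in sides.items():
        for prio, pol in sorted(policies.items()):
            findings += [f"{side} policy {prio}: {k} {v} is the weaker allowed option"
                         for k, v in WEAKER.items() if pol.get(k) == v]
            life = pol.get("lifetime", "")
            if not life.isdigit() or int(life) > MAX_LIFETIME:
                findings.append(f"{side} policy {prio}: lifetime is not within {MAX_LIFETIME}s")
    return pairs, findings
```

An empty list of pairs means no policy on one end is identical to a policy on the other, so the parameters need to be corrected on one side before continuing.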

3 Check Cisco firewall ASA version

Make sure you have ASA 8.2.2 or later. Windows clients cannot connect if you have ASA 8.2.1 because of a Cisco software bug.

4 Start Cisco firewall IPsec VPN Wizard

Log in to the ASDM of your Cisco ASA5500 firewall, go to Wizard > IPsec VPN Wizard ... and follow the screens.

5 In "VPN Tunnel Type", choose "Site-to-Site"

6 Set "Remote Site Peer" parameters

  • The Peer IP is the router or firewall IP on the client end.
  • The pre-shared key must be the same as in the document.

7 IKE policy

The IKE policy parameters must be the same as in the document.

8 IPsec Rule

The IPsec Rule parameters must be the same as in the document.

9 Hosts and Networks

“Local Networks” is the IP range behind the Database Mart firewall.
“Remote Networks” is the IP range behind our client's firewall.

10 Site to Site VPN summary

11 Save the running configuration to flash

12 Done

 
