Configuring the Other Side of the VPN Connection
Configuring the Other Side of the VPN Connection
Note
Cisco ASA 5500 Series Getting Started Guide
12-12
You have just configured the local adaptive security appliance. Next, you need to
configure the adaptive security appliance at the remote site.
At the remote site, configure the second adaptive security appliance to serve as a
VPN peer. Use the procedure you used to configure the local adaptive security
appliance, starting with
section on page 12-3
and finishing with
Completing the Wizard" section on page
When configuring Security Appliance 2, use the same values for each of the
options that you selected for Security Appliance 1, with the exception of local
hosts and networks. Mismatches are a common cause of VPN configuration
failures.
For information about verifying or troubleshooting the configuration for the
Site-to-Site VPN, see the section "Troubleshooting the Security Appliance" in the
Cisco ASA 5500 Series Configuration Guide using the CLI.
For specific troubleshooting issues, see the Troubleshooting Technotes at the
following location:
http://www.cisco.com/en/US/products/ps6120/prod_tech_notes_list.html
For help troubleshooting configuration issues, see the Configuration Examples
and TechNotes at the following location:
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_lis
t.html
In particular, see the technotes for Site to Site VPN (L2L) with ASA in the
Troubleshooting Technotes. The troubleshooting technotes walk you through
using commands like the following to troubleshoot the Site-to-site VPN
configuration:
show run isakmp
•
show run ipsec
•
show run tunnel-group
•
show run crypto map
•
Chapter 12
"Configuring the Security Appliance at the Local Site"
"Viewing VPN Attributes and
12-10.
Scenario: Site-to-Site VPN Configuration
78-19186-01