Chapter 8
Scenario: Site-to-Site VPN Configuration
Configuring the Other Side of the VPN Connection
Note
78-17612-02
You have just configured the local adaptive security appliance. Next, you need to
configure the adaptive security appliance at the remote site.
At the remote site, configure the second adaptive security appliance to serve as a
VPN peer. Use the same procedure that you used to configure the local adaptive
security appliance, starting with
Site" section on page 8-4
Completing the Wizard" section on page
When configuring Security Appliance 2, use the same values for each of the
options that you selected for Security Appliance 1, with the exception of local
hosts and networks. Mismatches are a common cause of VPN configuration
failures.
For information about verifying or troubleshooting the configuration for the
Site-to-Site VPN, see the section "Troubleshooting the Security Appliance" in the
Cisco Security Appliance Command Line Configuration Guide.
For specific troubleshooting issues, see the Troubleshooting Technotes at the
following location:
http://www.cisco.com/en/US/products/ps6120/prod_tech_notes_list.html
For help troubleshooting configuration issues, see the Configuration Examples
and TechNotes at the following location:
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_lis
t.html
In particular, see the technotes for Site to Site VPN (L2L) with ASA in the
Troubleshooting Technotes. The troubleshooting technotes walk you through
using commands like the following to troubleshoot the Site-to-site VPN
configuration:
show run isakmp
•
show run ipsec
•
show run tunnel-group
•
show run crypto map
•
debug crypto ipsec sa
•
Configuring the Other Side of the VPN Connection
"Configuring the Security Appliance at the Local
and finishing with
"Viewing VPN Attributes and
8-11.
Cisco ASA 5505 Getting Started Guide
8-13