IPSec VPN - Packet Life

23 posts

2 Dec 2010 at 6:38 p.m. UTC

Hello ,I need a VPN between two ASAs,but I want ALL traffic to be encrypted. In other words all the packets passing over the link I need to be encrypted regardless source or destination IP address.

Thanks.

luismg

130 posts

3 Dec 2010 at 7:40 a.m. UTC

So go and check how you set up a GRE tunnel with IPSEC on an ASA there is plenty of documentation out there.

kamarale

23 posts

3 Dec 2010 at 6:22 p.m. UTC

Thanks but GRE is not supported in PIX/ASA.

luismg

130 posts

4 Dec 2010 at 4:19 p.m. UTC

anyway you don't need to ask for that, look for it. No say could you please provide me the full configuration for this?

kamarale

23 posts

7 Dec 2010 at 11:39 a.m. UTC

luismg thanks for nothing,if I ask is because I didnt find it. Next time save your words.

luismg

130 posts

7 Dec 2010 at 2:50 p.m. UTC

Look for ASA site to site vpn

http://www.google.es/search?q=ipsec+tunnel+cisco+asa&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:es-ES:official&client=firefox-a#hl=en&expIds=17259,17291,20782,23756,24878,27400,27744,27788&xhr=t&q=asa+site+to+site+vpn&cp=11&pf=p&sclient=psy&client=firefox-a&rls=org.mozilla:es-ES%3Aofficial&aq=0&aqi=&aql=&oq=asa+site+to+&gs_rfai=&pbx=1&fp=70c82874026f0405

You have a lot of info and good ones like cisco website http://www.cisco.com/en/US/docs/security/asa/asa71/getting_started/asa5500/quick/guide/sitesite.html

First look second ask

nola

22 posts

8 Dec 2010 at 8:07 p.m. UTC

Welcome to networking.....do your research and THEN bring your problems to internet forums.

I find it hard to believe you exhausted all research options on a subject as common as this.

MrGRinch

31 posts

14 Dec 2010 at 5:17 a.m. UTC

Actually ALL traffic in VPN tunnel are encrypted, that's the point of VPN (Virtual Private Network). Just create site to site VPN and enjoy.

Sincerely, GRinch

bluepackets

13 posts

16 Dec 2010 at 4:12 a.m. UTC

In regards to the OP, he's correct, the ASA/PIX platform does not support the termination of GREs.

Additionally, a site-to-site VPN between a set of ASA/PIXs does not imply that all traffic between these sites will use the VPN. You must specify the hosts and networks at both sites that are permitted to use the VPN. There's a semi-tutorial here using the GUI: http://cisco.biz/en/US/docs/security/asa/asa83/getting_started/5580/guide/sitvpn.html

tulga

1 post

4 Jan 2011 at 1:46 a.m. UTC

Hey all, i created Site to Site VPN, followed this one :http://articles.techrepublic.com.com/5100-10878_11-6130365.html

And created VPN and showed sa few days ago, but now when i type :

show cry isa sa - it is showing empty, but when create static route for specific ip and route it through VPN and it is pinging, looks like it is up?!

ACtually it s our backup link, so maybe if we don't use ISA getting empty?

kamarale 23 posts	2 Dec 2010 at 6:38 p.m. UTC Hello ,I need a VPN between two ASAs,but I want ALL traffic to be encrypted. In other words all the packets passing over the link I need to be encrypted regardless source or destination IP address. Thanks.
luismg 130 posts	3 Dec 2010 at 7:40 a.m. UTC So go and check how you set up a GRE tunnel with IPSEC on an ASA there is plenty of documentation out there.
kamarale 23 posts	3 Dec 2010 at 6:22 p.m. UTC Thanks but GRE is not supported in PIX/ASA.
luismg 130 posts	4 Dec 2010 at 4:19 p.m. UTC anyway you don't need to ask for that, look for it. No say could you please provide me the full configuration for this?
kamarale 23 posts	7 Dec 2010 at 11:39 a.m. UTC luismg thanks for nothing,if I ask is because I didnt find it. Next time save your words.
luismg 130 posts	7 Dec 2010 at 2:50 p.m. UTC Look for ASA site to site vpn http://www.google.es/search?q=ipsec+tunnel+cisco+asa&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:es-ES:official&client=firefox-a#hl=en&expIds=17259,17291,20782,23756,24878,27400,27744,27788&xhr=t&q=asa+site+to+site+vpn&cp=11&pf=p&sclient=psy&client=firefox-a&rls=org.mozilla:es-ES%3Aofficial&aq=0&aqi=&aql=&oq=asa+site+to+&gs_rfai=&pbx=1&fp=70c82874026f0405 You have a lot of info and good ones like cisco website http://www.cisco.com/en/US/docs/security/asa/asa71/getting_started/asa5500/quick/guide/sitesite.html First look second ask
nola 22 posts	8 Dec 2010 at 8:07 p.m. UTC Welcome to networking.....do your research and THEN bring your problems to internet forums. I find it hard to believe you exhausted all research options on a subject as common as this.
MrGRinch 31 posts	14 Dec 2010 at 5:17 a.m. UTC Actually ALL traffic in VPN tunnel are encrypted, that's the point of VPN (Virtual Private Network). Just create site to site VPN and enjoy. Sincerely, GRinch
bluepackets 13 posts	16 Dec 2010 at 4:12 a.m. UTC In regards to the OP, he's correct, the ASA/PIX platform does not support the termination of GREs. Additionally, a site-to-site VPN between a set of ASA/PIXs does not imply that all traffic between these sites will use the VPN. You must specify the hosts and networks at both sites that are permitted to use the VPN. There's a semi-tutorial here using the GUI: http://cisco.biz/en/US/docs/security/asa/asa83/getting_started/5580/guide/sitvpn.html
tulga 1 post	4 Jan 2011 at 1:46 a.m. UTC Hey all, i created Site to Site VPN, followed this one :http://articles.techrepublic.com.com/5100-10878_11-6130365.html And created VPN and showed sa few days ago, but now when i type : show cry isa sa - it is showing empty, but when create static route for specific ip and route it through VPN and it is pinging, looks like it is up?! ACtually it s our backup link, so maybe if we don't use ISA getting empty?