Cisco ASA – VPN Reverse Route Injection With OSPF
Reverse Route Injection KB ID 0000982 Problem Reverse Route injection is the process that can be used on a Cisco ASA to take a route for an established VPN, and populate/inject that route into the routing table of other devices in it’s routing group. In the example below, on the main site, we have a Layer 3 switch that’s routing all the 192.168.x.x networks, and we have an established site to site VPN to a remote site. To...
Cisco ASA: ‘ERROR: Multiple Peers can be specified only with originate-only connections’
KB ID 0001316 Problem This week I had a client who had a head office and three satellite sites. They had old firewalls (a 5510 and 5505’s), and my firm had installed FTTC circuits, into the sites for them. My job was to reconfigure the firewalls and the site to site VPN tunnels (each site had a tunnel to the other sites), then disconnect their old ADSL connections, change the firewalls public IP, then connect to the shiny new...
Cisco ASA – Reverse Route Injection with EIGRP
KB ID 0001137 Problem I’ve followed your Reverse Route Injection article and its not working? This email dropped in my mailbox a while back As it turns out the article I had written was for OSPF, and this chap was using EIGRP. So I ran it up with EIGRP as well to test. Heres my topology, I want to inject the route for the remote site, into my internal EIGRP routing table. Solution Assuming EIGRP is already setup between the ASA...
Cisco Router – Configure Site to Site IPSEC VPN
KB ID 0000933 Problem I’ve done thousands of firewall VPN’s but not many that terminate on Cisco Routers. It’s been a few years since I did one, and then I think I was a wuss and used the SDM. So when I was asked to do one last week thankfully I had the configs ready to go. I’m going to use the IP addresses above, and my tunnel will use the following settings; Encryption: AES. Hashing: SHA. Diffie Hellman:...
Cisco PIX 500 – IPSEC Site to Site VPNs (v6)
KB ID 0000611 Problem Note: This is for firewalls running an operating system BEFORE version 7, if you have an PIX running version 7 or above go here instead. I’ll run though he commands first and then the configuration from PDM at the end. Solution PIX 500: Configure a site to site VPN from command line 1. Connect to the PIX, go to “enable mode”, then to “Configure terminal mode” User Access...