Cisco ASA Site To Site VPN IKEv2 “Using CLI”
KB ID 0001429 Problem Note: This is for Cisco ASA 5500, 5500-x, and Cisco Firepower devices running ASA Code. You want a secure IPSEC VPN between two sites using IKEv2. Note: If the device you are connecting to does not support IKEv2 (i.e. it’s not a Cisco ASA, or it’s running code older than 8.4) then you need to go to the older version of this article; Cisco ASA 5500 Site to Site VPN IKEv1 (From CLI) Solution Before you...
Cisco ASA: ‘ERROR: Multiple Peers can be specified only with originate-only connections’
KB ID 0001316 Problem This week I had a client who had a head office and three satellite sites. They had old firewalls (a 5510 and 5505’s), and my firm had installed FTTC circuits, into the sites for them. My job was to reconfigure the firewalls and the site to site VPN tunnels (each site had a tunnel to the other sites), then disconnect their old ADSL connections, change the firewalls public IP, then connect to the shiny new...
Cisco PIX 500 – IPSEC Site to Site VPNs (v6)
KB ID 0000611 Problem Note: This is for firewalls running an operating system BEFORE version 7, if you have an PIX running version 7 or above go here instead. I’ll run though he commands first and then the configuration from PDM at the end. Solution PIX 500: Configure a site to site VPN from command line 1. Connect to the PIX, go to “enable mode”, then to “Configure terminal mode” User Access...
Troubleshooting Phase 2 Cisco Site to Site (L2L) VPN Tunnels
KB ID 0000625 Problem It’s been over two years since I wrote Troubleshooting Phase 1 Cisco Site to Site (L2L) VPN Tunnels. I’ve always meant to come back and write the ‘Phase 2’ article but never got around to it. This article is NOT intended to be a ‘fix all” for phase 2 problems, it’s designed to point you in the right direction to locate the source of the problem. Solution Here’s my...
Cisco ASA 5500 – Reset / Recycle VPN Tunnels
KB ID 0000586 Problem I’ve been asked this before and it came up on EE today, basically you have a site to site VPN tunnel and you either want to restart it or reset it. Solution Cisco ASA Reset ALL VPN Tunnels 1. Connect to your ASA, then to reset ALL your ISAKMP VPN tunnels use the following command; clear crypto isakmp sa In the example below I’ve reset ALL my tunnels. I had a constant ping running across the VPN, and...