
I'm trying to set up a site-to-site VPN, with a Cisco ASA 5505 at one end. The documentation tells me to use the IPsec VPN wizard, but under the Wizards drop-down menu there's nothing VPN related.

I have a 'base' license, is that the issue? Or am I being stupid?

The versions I have are: Cisco ASA 5505 with ASA 8.2(1) and ASDM 6.2(1). The firewall was already set up when I got it (I'm leasing a dedicated server).

Thanks for your help

Guillaume

3 Answers


Base license should grant you a couple of site-to-site VPN tunnels.

1. Under the Wizards, select IPSec VPN Wizard
2. Select Site to site
3. Enter the remote's IP address to terminate to
4. Create and enter in a preshared key
5. Tunnel group will fill in automatically
6. Select your IKE Encryption/Auth info
7. Select IPSec info
8. Then add in the remote network info and local network info
9. Finish

That's all there is to it. The wizard makes it really easy.

jherlitz
  • Actually I just re-read your post and when you select Wizards, you don't have any wizards available? – jherlitz Apr 06 '10 at 17:19
  • I just checked mine, and I have Base license and I have 5 site to site tunnels going. Please confirm that when you click on "Wizards" menu, the drop down doesn't give you any options? That is where you select IPSec VPN Wizard. – jherlitz Apr 06 '10 at 17:21
  • Another thought, if it was already set up when you got it, did they give you a login ID? If so, they might have restricted your permissions, thus not giving you the rights to set up any site to sites. I have to venture that is what is going on. What login are you using, what level of rights does it have? – jherlitz Apr 06 '10 at 17:23
  • Hi jherlitz, thanks for your answers. Yes, I confirm that there are no VPN wizards under the Wizards drop-down menu. All I have is Startup, High Availability and scalability, Packet Capture. I'm logged in as admin, this account has full access and privilege level 15. Something weird: compared to the ASDM screenshot from the doc, I don't see the 'VPN Sessions' section in my interface. – Guillaume Apr 06 '10 at 17:43
  • Wow... Admin with level 15 access. Interesting, I would contact Cisco TAC, they will be able to determine why. Do you have a TAC account or TAC Support with that firewall? – jherlitz Apr 06 '10 at 18:21
  • No, I don't have a TAC account. I'll try to get the support of the server housing company and see what they can do about it. – Guillaume Apr 06 '10 at 18:42

Here's what mine looks like.

http://www.fsckin.com/random/asa5505-1.png

If yours doesn't appear like this (and you can see I have the base license which grants I think three tunnels) you should contact Cisco TAC and create a case. Are you sure that you're running ASA 8.2(1) and ASDM 6.2(1)?

Look in Tools -> File Management and make sure the asdm-621.bin is listed as the ASDM image. Same goes for asa821-*.bin listed as Boot image 1.

If these aren't set right, you may actually be running an older version that doesn't have the VPN wizard functionality.

fsckin
  • Well, the IPsec and SSL VPN items are definitely missing on mine ... I checked the files as advised, I have asdm-621.bin and asa821-k8.bin. I also see these version numbers in Help -> About Cisco ASDM 6.2 – Guillaume Apr 06 '10 at 18:29
  • Has it been rebooted since the latest ASA and ASDM was installed? – fsckin Apr 06 '10 at 19:07
  • To be honest, I'm not sure how to reboot it! I don't have physical access to the box. – Guillaume Apr 06 '10 at 19:17
  • Yup! Transparent mode won't work! From here: http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/fwmode.html#wp1198794 The transparent firewall supports site-to-site VPN tunnels for management connections only. It does not terminate VPN connections for traffic through the security appliance. You can pass VPN traffic through the security appliance using an extended access list, but it does not terminate non-management connections. – fsckin Apr 06 '10 at 19:36
  • Not related, but Tools > System Reload will reboot the box... can be scheduled for a time in the future if you want. – fsckin Apr 06 '10 at 19:39

Ok, I might have found something. The firewall is configured in transparent mode (not routed). From what I understand, that means it can't act as a VPN connection end point. Right?

Guillaume
  • Alright, as confirmed by fsckin that's indeed why the VPN is not available. Next step: figuring out how to switch to routed mode! Thanks guys for the quick answers and your insights, very much appreciated! – Guillaume Apr 06 '10 at 20:11