Opps- Cisco ASA5505 vpn help

[The Spyder]

Hey guys,
I made a bit of a boo-boo. lol Tomorrow I have my site to site VPN being setup and tonight I went ahead and did a initial configuration. Well silly me, I dont have the Shared Secret yet and went ahead and used whatever I felt like. Now I cant find where to change it for tomorrow... From looking around, I cant even find a way to delete and re do this VPN connection without manually digging out all its settings and putting them back to defaults. I cant easily reset it to factory defaults without loosing a hour of work resetting it back up.

Helps!

Thanks as always.

 

[k1pp3r]

If your using ASDM go to

Configuration > Site to Site VPN > Connection profiles

Select your profile and click edit. You can change the shared secret there

That, and backup your settings to a txt file and tftp, saves you from an hour reconfigure

 

[The Spyder]

Perfect, thanks a ton.

Still have to get my CCNA done...

 

[k1pp3r]

Perfect, thanks a ton.

Still have to get my CCNA done...

NP

I never got my CCNA, lol, maybe one day i will go do the CCNP, just never liked the cert tests

 

[The Spyder]

Since its the newer ASDM, in case anyone else has to look for this:

Open ASDM-> configuration ->vpn -> General -> Tunnel Group -> Select VPN and edit -> click on IPSEC tab and its there.

*Edit, older ASDM, 5.2.

 

[k1pp3r]

I took mine from ASDM 6.0, what version are you using?

 

[The Spyder]

Edited- older version not newer.

Anyways, here is a question.
I have a block of 5 Ip's from comcast. (Real IP changed to 10.0.0.x for security)
10.0.0.17 - Untangle/Internet/Mail main for now
10.0.0.18- Cisco ASA 5505
10.0.0.19- unused
10.0.0.20- unused
10.0.0.21- Web server
10.0.0.22 Gateway SMC device (Actual internal IP 10.1.10.1)


When a PC is connected directly to my ASA5505, I can not get out to the web. (Not that it matters, but I am concerned that this will cause a issue with my VPN connection). I have entered the DNS servers, and followed this http://www.mailbeyond.com/set-a-static-ip-for-your-cisco-asa5505-firewall since I am using a static IP. When it asked my for my Gateway, I entered the SMC/ 10.0.0.22 IP, is this incorrect?

 

[k1pp3r]

Edited- older version not newer.

Anyways, here is a question.
I have a block of 5 Ip's from comcast. (Real IP changed to 10.0.0.x for security)
10.0.0.17 - Untangle/Internet/Mail main for now
10.0.0.18- Cisco ASA 5505
10.0.0.19- unused
10.0.0.20- unused
10.0.0.21- Web server
10.0.0.22 Gateway SMC device (Actual internal IP 10.1.10.1)


When a PC is connected directly to my ASA5505, I can not get out to the web. (Not that it matters, but I am concerned that this will cause a issue with my VPN connection). I have entered the DNS servers, and followed this http://www.mailbeyond.com/set-a-static-ip-for-your-cisco-asa5505-firewall since I am using a static IP. When it asked my for my Gateway, I entered the SMC/ 10.0.0.22 IP, is this incorrect?

You should use the cisco as your default gateway, it then has a static route out to the internet which is 10.0.0.22

 

[The Spyder]

I explained it wrong, however thats how I have it now.

I have a static route for outside with the 10.0.0.22 as the gateway IP for that route. I still cant see outside though. Hurm.

 

[crash848]

Do you have a global address pool? It would look something like:

global (1) interface
nat (1) 0.0.0.0 0.0.0.0

If you don't have those, you wouldn't have any NAT going on for outgoing connections. Post up your config, with the personal info removed of course, that will help.

 

[k1pp3r]

Do you have a global address pool? It would look something like:

global (1) interface
nat (1) 0.0.0.0 0.0.0.0

If you don't have those, you wouldn't have any NAT going on for outgoing connections. Post up your config, with the personal info removed of course, that will help.

He did, i think we got this one straight for now, lol

 

[crash848]

I thought he stated he was still having a problem getting out to the internet?

The configuration I am talking about would be the ASA's configuration, not the layout of the network. If help is still needed, post up !

 

[k1pp3r]

I thought he stated he was still having a problem getting out to the internet?

The configuration I am talking about would be the ASA's configuration, not the layout of the network. If help is still needed, post up !

Yeah, i helped with the config through PM's