ASA site to site VPN cookbook

Turgon Banned Posts: 6,308
I see the ASA has a VPN wizard for site to site VPNs. Anyone set one up with this and has a cookbook and landmines to watch out for?


  • chrisone Senior Member Member Posts: 2,272
    We use the wizard many times at work and in lab practices. Our ASAs run a lot of data / voice so we have huge configuration files. Most of the time we make changes and additions using ASDM. We do configure and install them using CLI, but there is too much text in our config files with all our object groups and service groups, access-lists, VPN rules. So you can see why we use the ASDM and also why Cisco recommends you use it too lol

    As far as the VPN wizard, it will take some practice to get used to it, but it's fairly easy and comprehensible. We have MPLS so our VPN tunnels at all our locations are backup connections to the enterprise network, so we are not too concerned if there is an "OOPS" and the tunnels go down, as long as we get them back up and working by the end of business day. I don't think I have ever run into a problem with the wizard screwing up another tunnel or overwriting an ACL related to another VPN tunnel. Just get used to the idea of fine-tuning the tunnels once you create them with the wizard. Trust me, the ASDM is a life/time saver. Cisco created it for a reason, however it doesn't mean you can ignore the CLI. I do all my tunnel troubleshooting with the CLI and debug commands, but I will create a tunnel with the ASDM no problem.

    A good book that I am reading right now for all my ASA needs is

    It is a great book and he is the author of the original Complete Cisco VPN Configuration Guide - Cisco Press. He also has done many books on CCNA/CCSP/Firewall PIX.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2022 Goals:
    Certs: EnCE (cert obtained), SC-300 (cert obtained), AZ-500 (in progress)
    Course: BC Security - Empire Operations 1 (completed), Zero Point Security - CRTO (course completed), BHIS - Active Defense & Cyber Deception (completed)
  • Turgon Banned Posts: 6,308
    Just had a look at the link. I see it's by Richard Deal. He wrote a great Coriolis book for the CCNP Switching exam back in 2000. I may pick this up and one of the Orange Cisco Press books too.