Client Pay Portal
 site-to-site vpn

How to Set Up a Site-to-Site VPN with Cisco ASA 5505

Setting up a Site-to-Site VPN Tunnel on an ASA 5505 is pretty snappy if you use the VPN Wizard.

Here is our test lab configuration.

test lab config

First let’s start that wizard! On Site 1 ASDM you'll find it under “wizards” at the top of the ADSM window.

site 1 asdm

The next page is really just to make sure you understand your setting up a site-to-site VPN, an "introduction" to set up.

vpn wizard

Click “next” and it's time to identify the peer or remote IP of the ASA on the other side of the tunnel we are connecting to. In this case: Site 2 or

The Access Interface is outside, because that’s where the VPN is initiating and terminating.

access interface

On IKE Version I strongly suggest only version 2.

ike version 1

Traffic to protect is where you identify what networks are allowed to talk with one another. You can get really granular with these policies in the Command Line Interface CLI. Do not change the Radio button to IPv6
In our case, our local Subnet is and the remote subnet is then click next.

site to site vpn

On authentication, you can use a pre-shared key for your lab. You may have higher security requirements in which you mix with certificate mode, but we don’t need it for our lab.

site to site vpn

Next, leave the default for “Encryption Algorithms” and click “next.”

site to site

Don't click anything on Miscellaneous other than "Exempt ASA side host/network from address translation (inside)” in the drop down.

site to site

Now click “finish”, then repeat this process on the other ASA with the reverse configuration.

And to check and make sure your tunnel is up, click on “Monitoring” on the top ribbon then “VPN” in the left admin window to see active sessions!

You are all done!


Wiz E. Wig, Mascot & Director of Magic
Wiz E. Wig

Director of Magic