ASA VPN site-to-site (1 static IP and 1 dynamic IP)

[sergiorsantos]

Hi all,

I'm trying to establish a VPN site-to-site using ASA's, between two sites but one of them has a dynamic IP (ADSL Link). I can't find any example to folow.



Can you help me?


Sergio Santos

 

[ADB100]

Not going to happen unless you can constantly update the peer on the static end.... Don't think there is anyway to do this with DNS and dynamic DNS?

 

[sergiorsantos]

Hi,

I'm looking for some information about Dynamic Crypto Map. I guess if I can configure this kind of solution may be this cenario works!


Who knows somebody has a example that I can use.


Thanks for your answer!


Sergio Santos

 

[unclerico]

You can definitely do this. You need to use tunnel-group DefaultL2LGroup ipsec-attributes on the static side along with a dynamic crypto map. On the dynamic side you will specify the static peer address in the tunnel-group configuration tunnel-group 1.1.1.1 ipsec-attributes. You can use

http://www.cisco.com/en/US/products...s_configuration_example09186a00807ea936.shtml

as a guide.

 

[ADB100]

unclerico, How are the remote subnets/networks at the dynamic site updated at the central site? With static crpto-maps you specify an ACL (ProxyID) covering the networks that will be protected. How do you do this with a dynamic crypto-map?

Andy