ASA-To-ASA Dynamic-to-Static IPSEC Help


I have an ASA 5510 that has a static IP with a site-to-site IPSEC tunnel to an ASA 5505 with a static IP and that works great.

However, I now need to create another tunnel from the ASA 5510 to a different ASA 5505, but this 5505 has a dynamic IP.

I need specific steps on how I go about creating the tunnel to the ASA 5505 that has the dynamic IP without messing up my other tunnel. I know I need to create a Dynamic Crypto Map, but that is all I am sure of.

Please help.

It would be nice if I could do this through ASDM, but if not CLI will work just fine.

irisrios Thu, 04/12/2007 - 06:08

Refer to the following configuration example:

isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 3600
isakmp enable outside
access-list 100 extended permit ip source_ip dest_ip
nat (inside) 0 access-list 100
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
authentication-server-group none
tunnel-group DefaultL2LGroup ipsec-attributes

crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
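
An added example (not part of the posts above, and not Cisco's own configuration) of the hub-side change on the 5510 for the case in the question, where a static tunnel is already running: an interface holds only one crypto map, so the dynamic map is attached as the last entry of the map already bound to outside rather than bound as a new map. Assumptions: the existing map is named outside_map, sequence 65535 is unused, and the ACL name, subnets and key are constructed placeholders.

```cisco
! Added example. Assumed: the existing static tunnel uses a crypto map
! named outside_map that is already applied to the outside interface.
! Confirm the real name first with:  show run crypto map
!
! Transform set and dynamic map, names as in the reply above.
! 3DES/MD5 are kept only to match the reply; prefer AES and SHA where
! both ends support them.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
!
! Attach the dynamic map to the EXISTING map as its last entry, so the
! static peer's entry (lower sequence number) is still matched first.
crypto map outside_map 65535 ipsec-isakmp dynamic cisco
!
! Do not also run "crypto map dyn-map interface outside": binding a
! second map to the interface replaces outside_map and takes the
! existing static tunnel down.
!
! A peer whose address is not known in advance lands on DefaultL2LGroup,
! so that group needs the pre-shared key (placeholder shown).
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <PLACEHOLDER_KEY>
!
! NAT exemption: add the new site's subnets to the ACL already referenced
! by "nat (inside) 0" (ACL name and subnets here are constructed).
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
```

After the change, `show run crypto map` should still list the original static entry, with the dynamic entry below it under the same map name.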

