I was wondering if someone had any ideas to a problem that I am having.
I previously had configured an IOS Router that had a dynamic IP address from the ISP to VPN back to a headquarters PIX. I had the PIX configured for a wildcard isakmp/crypto peer address so it did not care what IP address the peer tried to VPN handshake with it. But in order to bring up the VPN, it had to be initiated from the IOS Router LAN side because of the way dynamic-to-static VPN is configured.
The problem I originally had was that behind the IOS Router, on its LAN side, I had cameras that did not generate any traffic by themselves, so the VPN did not ever come up. The way I got around that was, on the IOS Router, I set up a bogus NTP Server IP address that was in the subnet across the VPN on the PIX side and then sourced the NTP from the IOS Router ethernet so it would automatically bring up the tunnel by itself.
Now we are trying to implement an ASA instead of an IOS router, and the NTP commands are there, including the source option that can be "inside" or "outside", but it is not working the way the IOS Router did. I also tried to create some sort of SNMP and/or SLA with some source options, but that did not bring up the tunnel either. It is like it is not sourcing it from an IP address or interface that looks like interesting traffic.
I am wondering if it is something to do with the fact that the ASA we configured made us put IP addresses on the VLAN interfaces and then put the Ethernet Interfaces in the particular switchport access vlan instead of putting IP addresses on the Ethernet Interfaces themselves.
Anyone have any ideas to automatically initiate the VPN tunnel from within the ASA configuration?
You may have to add the outside interface of the ASA as interesting traffic. That is usually done when you want to syslog from a remote ASA/PIX to a local syslog server. I know you are doing NTP, but it should be the same thing. Sounds like the same problem here. It's worth a shot anyway.
Here's the doc for PIX, but it is similar for ASA.