Enable DDNS on outside interface of ASA5505

Unanswered Question
Oct 20th, 2008

I am upgrading my old Linksys router/access point at home from DD-WRT to an ASA5505. One of the nice features of DD-WRT on Linksys is that I was able to dynamically update my outside IP address to resolve to my <hostname.dyndns.org>. Does the ASA5505 have a similar utility? Can I have it automatically update the outside IP address on my 5505 to resolve to my dynamic domain name?

Thanks in advance.

kerryjcox Tue, 10/21/2008 - 16:17

I read through this section, but am not certain how to configure my ASA 5505 to connect to dyndns.org and register the outside interface's IP address with my hostname at dyndns.org.

Are there any good examples around?

Thanks.

Kerry - are you actually sure you read the URL? I will post from the URL:-

Example 1: Client Updates Both A and PTR RRs for Static IP Addresses

The following example configures the client to request that it update both A and PTR resource records for static IP addresses. To configure this example, perform the following steps:

Step 1 To define a DDNS update method called ddns-2 that requests that the client update both the A and PTR RRs, enter the following commands:

hostname(config)# ddns update method ddns-2

hostname(DDNS-update-method)# ddns both

Step 2 To associate the method ddns-2 with the eth1 interface, enter the following commands:

hostname(DDNS-update-method)# interface eth1

hostname(config-if)# ddns update ddns-2

hostname(config-if)# ddns update hostname asa.example.com

Step 3 To configure a static IP address for eth1, enter the following commands:

hostname(config-if)# ip address 10.0.0.40 255.255.255.0

Example 2: Client Updates Both A and PTR RRs; DHCP Server Honors Client Update Request; FQDN Provided Through Configuration

The following example configures 1) the DHCP client to request that it update both the A and PTR RRs, and 2) the DHCP server to honor the requests. To configure this example, perform the following steps:

Step 1 To configure the DHCP client to request that the DHCP server perform no updates, enter the following command:

hostname(config)# dhcp-client update dns server none

Step 2 To create a DDNS update method named ddns-2 on the DHCP client that requests that the client perform both A and PTR updates, enter the following commands:

hostname(config)# ddns update method ddns-2

hostname(DDNS-update-method)# ddns both

Step 3 To associate the method named ddns-2 with the security appliance interface named Ethernet0, and enable DHCP on the interface, enter the following commands:

hostname(DDNS-update-method)# interface Ethernet0

hostname(if-config)# ddns update ddns-2

hostname(if-config)# ddns update hostname asa.example.com

hostname(if-config)# ip address dhcp

Step 4 To configure the DHCP server, enter the following command:

hostname(if-config)# dhcpd update dns

baskokken Thu, 03/12/2009 - 02:36

Kerry,

I am fighting the same issue. I decided to do the following: put the Linksys router in switch mode (tell it that another system does the routing). Configure the Linksys with a static (PRIVATE) address on the LAN segment and configure the dyndns config on that Linksys.

This allows me to use the Linksys (WRT54G) as a combined switch and AP and to provide DynDNS services and use the ASA for firewalling, NAT, VPN etc.

Bas Kokken

kerryjcox Thu, 03/12/2009 - 06:25

Bas,

Thanks for the update. I have two Linksys AP/routers here at home running DD-WRT. I'll do as you recommended and will set them for switching. I'll see if that helps.

Otherwise, I've simply memorized my outside IP and have opened connectivity from work to home.

Thanks.

KJ

baskokken Thu, 03/12/2009 - 07:29

I didn't want to mention DD-WRT. But if you're running that inside of your network, you can also use them for other things. I use them also as internal DNS besides the DynDNS tasks.

ivarnhagen Wed, 06/10/2009 - 23:12

Hi Bas,

I also use an ASA5505 and a Linksys WRT54G (latest Linksys firmware) in my home network. I am using the Linksys as a switch/AP with nothing connected to the WAN port.

DynDNS on the Linksys does not seem to work in this constellation since the WRT54G doesn't get the public IP. I also can't add a default route or for it to reach the internet. I can imagine it working if I connect the WAN port to the same Network as the ASA, but want to avoid creating another subnet.

I know this is more of a Linksys issue, but could you tell me how you got it to work? Or are you using custom firmware?

Ingo

baskokken Thu, 06/11/2009 - 00:04

Ingo,

It is (more or less) the exact same setup as I have built.

At first: the Linksys surely must be able to reach the internet. DDNS (as on the Linksys) sends an HTTP request to DynDNS to update its DNS records. A def.route to the internet is therefore a requirement.

What I suggest is to put your Linksys in the gateway mode (I am not sure about the exact phrase: there is a routed mode and I believe a gateway mode). This basically configures the AP as a switch with built-in WiFi bridge. Then define a static IP with subnet mask and def gateway on the Linksys. The def gateway should point to your ASA internal address.

hope this will work for you.

Bas

(please note: this is a theoretical approach. I have replaced the Linksys firmware with dd-wrt firmware for additional options. This should however not be necessary. I recommend that you stick to Linksys firmware unless there is an explicit need for the additional features)
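
The HTTP update described in the post above, as an added example that is not part of the thread and not Cisco, Linksys or DD-WRT code: a host on the inside network builds a dyndns2-style update request and decides what to do with the reply. The endpoint URL, the reply codes, the function names and the sample values are assumptions not given on the page.

```python
import base64
import ipaddress
from urllib.parse import urlencode

# Assumption: dyndns2-style endpoint and reply codes; neither is given in the thread.
UPDATE_URL = "https://members.dyndns.org/nic/update"
# Replies after which the client must stop until someone fixes the configuration.
FATAL = {"badauth", "badagent", "nohost", "notfqdn", "numhost", "abuse", "!donator"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def usable_ip(candidate):
    """Return candidate only if it is not a private inside address, else None."""
    addr = ipaddress.ip_address(candidate)
    return None if any(addr in net for net in RFC1918) else candidate


def build_request(hostname, ip, user, password):
    """Return (url, headers). HTTPS is used because Basic auth carries the password."""
    params = {"hostname": hostname}
    if ip is not None:
        params["myip"] = ip  # omitted: the service falls back to the request's source address
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}",
               "User-Agent": "example-ddns/1.0 admin@example.com"}
    return f"{UPDATE_URL}?{urlencode(params)}", headers


def parse_response(body):
    """Map the one-line reply to (action, ip); action is 'cache', 'stop' or 'retry'."""
    parts = body.strip().split()
    code = parts[0] if parts else ""
    if code in ("good", "nochg"):
        return "cache", parts[1] if len(parts) > 1 else None
    if code in FATAL:
        return "stop", None
    return "retry", None  # dnserr, 911 or an unexpected reply: back off, try later


if __name__ == "__main__":
    # Constructed values: a host behind the ASA only knows its inside address.
    ip = usable_ip("192.168.1.2")
    url, headers = build_request("hostname.dyndns.org", ip, "user", "pw")
    print(url)
    for reply in ("good 203.0.113.7", "nochg 203.0.113.7", "badauth", "911"):
        print(reply, "->", parse_response(reply))
```

Because the request leaves the network through the ASA's NAT, its source address is the outside interface address, which is why the private address is dropped rather than sent.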

ivarnhagen Thu, 06/11/2009 - 00:34

Hi Bas,

Thanks for the reply! In theory this is the correct approach, but the Linksys hardware/firmware seems to limit the capabilities I require:

- No default gateway can be set on the LAN/Wireless side. It is only possible to set a GW on the WAN interface, which would result in the clients being put into another subnet.

- Setting the Routed/Gateway mode does not seem to change this behavior

- It is not possible to set a default route manually pointing out the LAN/Wireless side. Setting a route 0.0.0.0 mask 0.0.0.0 results in an error message

- Unfortunately my WRT54G's Hardware Revision does not support the DD-WRT firmware :(

Anyhow, I will most likely try getting it done using the WAN interface and subnetting my internal LAN. DynDNS is not a critical service I require, but would really be nice to have!

Ingo
