cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
566
Views
0
Helpful
4
Replies

ASA 5505 to Netvanta site-site VPN but NV is dynamic?

sbantz
Level 1
Level 1

I am trying to set up a site-site VPN between two sites. The Cisco ASA 5505 has a static public IP and the site with an Adtran router has a dynamic IP on the public interface. I have successfully gotten site-site working many times when both are static, but I have never done one where the initiating site is dynamic. How do you configure this on the ASA? I tried to put 0.0.0.0 as the peer IP address in the site-site vpn wizard, but it won't take it. If I try it at a command line, it takes it, but doesn't show it in the config.

Is there a proper procedure to configure this? I understand you can possibly do it with Cisco EasyVPN, but I would like to avoid using that if at all possible.

Thanks.

4 Replies 4

nitinaga
Level 1
Level 1

Hi,

yes it is possible. Please check the following document.

http://cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

In this example the other end is a Pix. However on ASA with dynamic ip address you need to configure VPN just as you do it for static ip address.

I'm trying to accomplish the same thing with an ASA 5505 and another VPN device. I've followed the doc you provided and the ASA always tries to match the connection to the "DefaultRAGroup" , it never matches the L2L group I created. Any idea what I'm doing wrong?

Jeremy

Did you configure this with a dynamic map or with peer 0.0.0.0? The message indicates that your ASA is treating this as Remote Access instead of Lan to Lan.

Perhaps it would be easier to figure out the problem if you would post the config.

HTH

Rick

HTH

Rick

I figured it out myself, thanks for the response.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: