I'm trying to set up a dynamic-to-static LAN2LAN VPN from an ASA 5505 (with a dynamic IP) to an ASA 5520 (with a static IP).
I'd like to have a small (/30) network on the Dynamic side that I can connect to a larger (/24) network on the Static side.
I'm also trying to use Identity Certificates for the Authentication.
I generated a root CA and an intermediate CA, signed the intermediate CA with the root CA, and then created identity CAs for
the ASAs, signed them with the intermediate CA using OpenSSL, and imported them to a trustpoint.
I tried using the instructions at:
to set up the certificates (replacing MS with OpenSSL) and using the instructions at:
I then tried to use the ASDM to set the appropriate identity cert on the outside interface
[ Configuration->Device Management->Advanced->SSL Settings ]
and set up a Connection Profile [ Configuration->Device Management->Connection Profiles ] on both devices,
setting the side that gets its IP via DHCP to static and the side that has the permanent IP to accept from dynamic.
I apply settings and nothing happens.
show crypto isakmp just returns "There are no isakmp sas".
I'm not sure where to begin debugging this. How do I force the DHCP side to initiate a connection?