site to site vpn between 3 dynamic ip site to one static ip site

zeuscyril
Level 4

Hi all,

I have one scenario.

I have one static IP in the head office and I have 4 site office locations; all site offices have dynamic IPs.

I created one site-to-site VPN between HO and 1 site office, and it is working perfectly.

But I am creating a second profile in the HO ASA for 2 site office, and the config I created is not working.

I am using an ASA 5520 at the HO and 5505s at the branches. All site offices are on ADSL connections.

I am attaching my HO config.

Can you just assist with how to configure multiple dynamic profiles in the HO?

thanks

zeus

Accepted Solutions

alig.norbert
Level 4

That's only a suggestion....

You want to get the 3 dynamic sites connected with the HO, right?

HO:

As the branch offices have dynamic IPs, you need to use the DefaultL2LGroup profile (the same shared key for all three BOs).

The crypto map has to be dynamic with the right source/destination net configured. Exempt NAT with the same source/destination net as well.

BO:

Configured as a normal Site-2-Site VPN with the HO. The IPSEC-Wizard is very helpful.

To get connected from HO to BO, the branch office has to initiate the tunnel. After that, you have a fully functional site-2-site VPN.

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a00805733df.shtml

Greets,

Norbert
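The HO side described in the answer above, as an added example that is not part of the original post or the poster's attached config. It assumes pre-8.3 ASA syntax, interfaces named `inside` and `outside`, and constructed subnets, object names and key placeholder.

```cisco
! Added example for the HO ASA. Pre-8.3 NAT syntax is assumed.
! Constructed addressing: HO LAN 10.1.0.0/24,
! branch LANs 10.10.1.0/24, 10.10.2.0/24, 10.10.3.0/24.

! Traffic from the HO LAN to each branch LAN
access-list BO-VPN extended permit ip 10.1.0.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list BO-VPN extended permit ip 10.1.0.0 255.255.255.0 10.10.2.0 255.255.255.0
access-list BO-VPN extended permit ip 10.1.0.0 255.255.255.0 10.10.3.0 255.255.255.0

! Exempt NAT for the same source/destination networks
nat (inside) 0 access-list BO-VPN

! Phase 1 policy, must match what each branch 5505 proposes
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400

! Phase 2 transform set
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! One dynamic map entry serves every branch whose peer address is unknown
crypto dynamic-map BO-DYN 10 match address BO-VPN
crypto dynamic-map BO-DYN 10 set transform-set ESP-AES256-SHA
crypto dynamic-map BO-DYN 10 set reverse-route

! Attach the dynamic map at the highest sequence number so any static
! peer entries in the same crypto map are evaluated first.
! Only one crypto map can be bound per interface: if a map is already
! applied to outside, add the 65535 entry to that map instead.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic BO-DYN
crypto map OUTSIDE-MAP interface outside

! L2L peers without a tunnel-group of their own fall into DefaultL2LGroup,
! so all dynamic branches authenticate with this one key
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <SHARED-KEY-PLACEHOLDER>
```

Because every dynamic branch shares the DefaultL2LGroup key, that key authenticates a peer from any source address, so keep it long and random and keep the `match address` ACL limited to the branch subnets. `show crypto isakmp sa` and `show crypto ipsec sa` on the HO confirm which branches have brought their tunnels up.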

2 Replies

Thanks for your reply.

How many sites can I connect like this?

Have you checked my config? Is it OK?

And do I just need to add the additional NAT command only on the HO side?

Or if I need to change anything on my HO side, just reply to me.

thanks

zeus
