Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
604
Views
0
Helpful
2
Replies

site to site vpn between 3 dynamic ip site to one static ip site

Go to solution
zeuscyril
Level 4
Level 4

‎12-10-2009 09:34 AM

hi all,

i am having one scenario,

i am having one static ip in the headoffice and i have 4 locations of site office all site offices are having dynamic ip.

i created one site to site vpn betwen HO to 1 site office working perfect

but i am creating second profile in HO ASA for 2 site office the config i created is not working.

i am using HO ASA 5520 and branches 5505 .all site offices are ADSL connection

i am attaching my HO config

can u just assit how to config multiple dynamic profile in the HO

thanks

zeus

Labels:
36687-HO config witnh 2nd profile.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
alig.norbert
Level 4
Level 4

‎12-10-2009 12:37 PM

That's only a suggestion....

You want to get the 3 dynamic sites connected with the HO,right?

HO:

As the branch office have dynamic ip's, you need to use the DefaultL2LGroup Profile (the same shared-key for all three BO).

The crypto-map has to be dynamic with the right soure/destination net configured. Exempt NAT with the same source/destination net as well.

BO:

Configured as a normal Site-2-Site VPN with the HO. The IPSEC-Wizard is very helpful.

To get connected from HO to BO, the branch office has to initate the tunnel. After that, you have a full functional site-2-site VPN.

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a00805733df.shtml

Greets,

Norbert

View solution in original post

0 Helpful
2 Replies 2

Go to solution
alig.norbert
Level 4
Level 4

‎12-10-2009 12:37 PM

That's only a suggestion....

You want to get the 3 dynamic sites connected with the HO,right?

HO:

As the branch office have dynamic ip's, you need to use the DefaultL2LGroup Profile (the same shared-key for all three BO).

The crypto-map has to be dynamic with the right soure/destination net configured. Exempt NAT with the same source/destination net as well.

BO:

Configured as a normal Site-2-Site VPN with the HO. The IPSEC-Wizard is very helpful.

To get connected from HO to BO, the branch office has to initate the tunnel. After that, you have a full functional site-2-site VPN.

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a00805733df.shtml

Greets,

Norbert

0 Helpful

Go to solution
zeuscyril
Level 4
Level 4
In response to alig.norbert

‎12-11-2009 11:23 AM

thanks for your reply,

how many sites i can connect like this,

have you checked my config is it ok ....

and i just need to add additionaly nat command only in HO side .

or if i need to change anything on my HO side just reply me

thanks

zeus

0 Helpful
Customers Also Viewed These Support Documents