L2L VPN tunnel with Dynamic IP SonicWall

Unanswered Question
Dec 14th, 2009

Hello,

I hope somebody can give me some ideas. We are trying to migrate a SonicWall (Hub Site) to a Cisco ASA. The ASA will have a static IP, but the remote sites are SonicWalls with dynamic IP addresses. We have around 25 remote SonicWalls that we need to establish L2L VPNs with. The tricky part is how we can create multiple dynamic maps and know which one is for which site. Please note the SonicWalls are using different pre-shared keys.

Any help is highly appreciated,


Regards,

yamramos.tueme Fri, 12/18/2009 - 14:19

Hi!

In order to establish the VPN tunnel to the ASA, you need to configure the pre-shared key in the tunnel group. For site-to-site tunnels, you can either use the IP address of the peer or use the DefaultL2LGroup. This means that all your SonicWall peers need to be configured with the same pre-shared key and you should use the DefaultL2LGroup. If you do not want to have all your peers configured with the same key, the other option is to use RSA (certificates) for authentication.

Regarding the crypto map configuration, you don't need to configure a static entry for your dynamic sites.  You only need to configure a dynamic map for all the site to site tunnels and it will negotiate all the connections.  Please note that your dynamic map should be attached to the crypto map and it should be the last entry of it so it won't affect any other tunnel that you have configured.

Perhaps this link will give you more information:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

Cheers!

- Yamil
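
A minimal ASA 8.x-style configuration matching the reply above, added here as an example and not taken from the thread or the linked Cisco document. The map and ACL names, addresses, sequence numbers, crypto parameters and key placeholders are all assumptions.

```cisco
! Added example: hub ASA with one static peer and a catch-all dynamic map.
! All names, addresses and keys are placeholders (assumptions).

! Phase 1 policy; must match what the SonicWalls propose
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! Phase 2 transform set shared by static and dynamic entries
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Existing static-IP peer: low sequence number, its own tunnel group and key
access-list VPN-STATIC-PEER extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address VPN-STATIC-PEER
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <STATIC-PEER-KEY>

! One dynamic map for all dynamic-IP SonicWalls; no peer address is set
crypto dynamic-map DYN-SONICWALL 10 set transform-set ESP-AES256-SHA

! Attach the dynamic map as the LAST crypto map entry (highest sequence
! number) so static entries are evaluated first
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-SONICWALL
crypto map OUTSIDE-MAP interface outside

! Peers with no IP-specific tunnel group fall through to DefaultL2LGroup
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <SHARED-KEY-FOR-ALL-DYNAMIC-PEERS>
```

Every dynamic-IP peer that lands on DefaultL2LGroup authenticates with that one key, which is why the reply points to certificates when per-site credentials are required.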
