Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
795
Views
0
Helpful
3
Replies

ASA Remote Access VPN with Dynamic Outside IP

Go to solution
schinatti
Level 1
Level 1

‎05-27-2010 04:57 AM - edited ‎02-21-2020 04:40 PM

Hi forum,

I was wondering if it was possible to set up an ASA to provide remote access VPN connections (either/both IPSEC or WebVPN/SSL) from the outside world if the outside IP address is dynamic (i.e. obtained through DHCP)?  I understand how to use DynamicDNS to provide a hostname to VPN clients, I'm simply asking whether the ASA can be configured to allow VPN connections in from a DHCP addressed interface.  I understand there are issues with site-to-site VPNs when both sides are dynamically addressed, but it seems like the remote access VPN should work.  Just hoping to confirm this before I go and work on a config.

Thanks in advance....

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to schinatti

‎05-27-2010 05:12 AM

The same configuration applies.

I believe the only difference is that the outside IP with be dynamic:

interface e0/0

ip address dhcp setroute

crypto map

The only difference is that the VPN clients (the PCF file) should have the VPN connection to a hostname (instead than to an IP) and that IP should be resolved to the IPs of the ASA.

I'll try to find you a configuration example if you don't find it.

Federico.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎05-27-2010 05:03 AM

Hi,

Yes you can.

You configure VPN server on the ASA and apply the crypto map to the outside interface.

The VPN clients will connect to a hostname instead than to an IP.

As long as the hostname is published via DNS, the VPN clients can resolve it, they will connect.

I don't have a configuration example handy, but you can do it.

Federico.

0 Helpful

Go to solution
schinatti
Level 1
Level 1
In response to Federico Coto Fajardo

‎05-27-2010 05:07 AM

Thanks.  I've set up VPNs on a few boxes with static IP addresses.  Is there anything different that I need to configure?  Or does the same VPN

configuration work for both static and dynamic outside IP addresses?

Thanks...

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to schinatti

‎05-27-2010 05:12 AM

The same configuration applies.

I believe the only difference is that the outside IP with be dynamic:

interface e0/0

ip address dhcp setroute

crypto map

The only difference is that the VPN clients (the PCF file) should have the VPN connection to a hostname (instead than to an IP) and that IP should be resolved to the IPs of the ASA.

I'll try to find you a configuration example if you don't find it.

Federico.

0 Helpful
Customers Also Viewed These Support Documents