05-27-2010 04:57 AM - edited 02-21-2020 04:40 PM
Hi forum,
I was wondering if it was possible to set up an ASA to provide remote access VPN connections (either/both IPSEC or WebVPN/SSL) from the outside world if the outside IP address is dynamic (i.e. obtained through DHCP)? I understand how to use DynamicDNS to provide a hostname to VPN clients, I'm simply asking whether the ASA can be configured to allow VPN connections in from a DHCP addressed interface. I understand there are issues with site-to-site VPNs when both sides are dynamically addressed, but it seems like the remote access VPN should work. Just hoping to confirm this before I go and work on a config.
Thanks in advance....
Solved! Go to Solution.
05-27-2010 05:12 AM
The same configuration applies.
I believe the only difference is that the outside IP with be dynamic:
interface e0/0
ip address dhcp setroute
crypto map
The only difference is that the VPN clients (the PCF file) should have the VPN connection to a hostname (instead than to an IP) and that IP should be resolved to the IPs of the ASA.
I'll try to find you a configuration example if you don't find it.
Federico.
05-27-2010 05:03 AM
Hi,
Yes you can.
You configure VPN server on the ASA and apply the crypto map to the outside interface.
The VPN clients will connect to a hostname instead than to an IP.
As long as the hostname is published via DNS, the VPN clients can resolve it, they will connect.
I don't have a configuration example handy, but you can do it.
Federico.
05-27-2010 05:07 AM
Thanks. I've set up VPNs on a few boxes with static IP addresses. Is there anything different that I need to configure? Or does the same VPN
configuration work for both static and dynamic outside IP addresses?
Thanks...
05-27-2010 05:12 AM
The same configuration applies.
I believe the only difference is that the outside IP with be dynamic:
interface e0/0
ip address dhcp setroute
crypto map
The only difference is that the VPN clients (the PCF file) should have the VPN connection to a hostname (instead than to an IP) and that IP should be resolved to the IPs of the ASA.
I'll try to find you a configuration example if you don't find it.
Federico.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide