07-05-2010 05:37 AM - edited 03-11-2019 11:07 AM
Hi, just had a quick question.
Let's say I have a Cisco ASA (running 8.3) and a Cisco router (which supports IPsec VPN), and the ASA has a static internet address, whilst the router has a dynamic one.
If I create a L2L IPsec tunnel between the two, how would this work?
Could I use a solution such as dynamic DNS and then use that DNS name as the tunnel group name, and the ASA will do a DNS lookup to see if it matches any phase 1 packets from a peer matching that IP? I think this is unlikely, but I believe it can be done on some Cisco routers?
Or does the ASA accept all connections from any peer address like it does with an RA tunnel? Which is what I think it does.
Thanks.
07-05-2010 06:53 AM
Marcos,
This should go to VPN rather than firewalling.
I would suggest using certificates + dynamic map in this case, the same way you would in the case of two routers.
You can match the certificate to a particular tunnel group (by OU) or tunnel group matching + certificate maps.
You can apply match on the dynamic crypto map to match the proxy identities.
For DNS resolution - it has not been implemented.
Marcin
Edit: added enhancements and clarifications.
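To show what the answer above describes in concrete terms, here is an added example of the ASA side of such a setup. It is not configuration from the original post or from Cisco; it is written for ASA 8.3 syntax (the release named in the question) and every name in it (the trustpoint BRANCH-CA, the maps, the tunnel group, the OU value BRANCH-VPN and the subnets) is a placeholder I chose. It assumes both the ASA and the router hold certificates from the same CA, and that the router's certificate carries OU=BRANCH-VPN.

```text
! Hypothetical ASA 8.3 configuration (added example; all names are placeholders)

! --- Identity: enrol the ASA with the CA that also issued the router's certificate
crypto ca trustpoint BRANCH-CA
 enrollment terminal
 crl configure
! (authenticate and enrol the trustpoint before continuing)

! --- IKE phase 1 using certificate (RSA signature) authentication, no pre-shared key
crypto isakmp enable outside
crypto isakmp policy 10
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! --- Phase 2 proposal
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! --- Proxy identities: the only traffic the branch is allowed to protect
object network HQ-LAN
 subnet 10.1.0.0 255.255.0.0
object network BRANCH-LAN
 subnet 10.20.0.0 255.255.255.0
access-list BRANCH-PROXY extended permit ip object HQ-LAN object BRANCH-LAN

! --- Dynamic crypto map: the peer address is unknown, so there is no "set peer";
!     "match address" is the match on proxy identities the answer refers to
crypto dynamic-map DYN-MAP 10 match address BRANCH-PROXY
crypto dynamic-map DYN-MAP 10 set transform-set ESP-AES256-SHA
crypto dynamic-map DYN-MAP 10 set pfs group2
! The dynamic map is attached as the last (lowest-priority) entry of the static map
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside

! --- L2L tunnel group for the branch router
tunnel-group BRANCH-RTR type ipsec-l2l
tunnel-group BRANCH-RTR ipsec-attributes
 trust-point BRANCH-CA
 peer-id-validate req

! --- Certificate map: steer certificates with OU=BRANCH-VPN into that tunnel group
crypto ca certificate map BRANCH-CERT-MAP 10
 subject-name attr ou eq BRANCH-VPN
tunnel-group-map enable rules
tunnel-group-map BRANCH-CERT-MAP 10 BRANCH-RTR
```

Two points worth keeping in mind when running this. First, a dynamic crypto map can only answer, never initiate, so the router with the dynamic address must always bring the tunnel up; `show crypto isakmp sa` and `show crypto ipsec sa` on the ASA confirm which peer landed in which tunnel group and which proxy identities were negotiated. Second, the certificate map is what makes the binding meaningful: a peer that presents a certificate without the matching OU is not placed in BRANCH-RTR and falls back to DefaultL2LGroup, which has no trustpoint here and so cannot authenticate. This is also why certificates fit a dynamic peer better than a pre-shared key, since a PSK for an unknown address would have to live in DefaultL2LGroup and be shared by every dynamic peer.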
07-05-2010 04:04 PM
Thank you.
That was exactly what I was after. I will ensure I put any VPN related questions in the VPN section in the future.
Cheers.