New Member

ASA 5510 support ipsec site to site vpn by domain name way ?

Dear helper,

My issue:

Our side's device is a Cisco ASA 5510 SEC-BUN-K9 with a static IP, and the other side's device is a Cisco RV180 VPN router without a static IP (dial-up). We now plan to establish an IPsec site-to-site VPN between the two sites.

I have confirmed that the RV180 supports establishing an IPsec site-to-site VPN using the domain name method. However, I'm not sure whether the ASA 5510 also has this feature (that is, establishing an IPsec site-to-site VPN using the domain name method).

I would greatly appreciate it if anyone could share their experience.

Accepted Solutions
VIP Green

ASA 5510 support ipsec site to site vpn by domain name way ?

The ASA can support this. You just need to configure a dynamic crypto map on the ASA. Just remember that the dynamic crypto map should have the highest sequence number within the crypto map. This is to be sure that the more specific maps are matched first. (I have left out the NAT exempt statement in the config below.)

! IKE phase 1 policy
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2

! Peers without a fixed address fall into the default LAN-to-LAN tunnel group
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key

! Traffic to be protected by the tunnel
access-list CRYPTO-MAP permit ip 172.16.1.0 255.255.255.0 10.1.100.0 255.255.255.0

crypto ipsec transform-set MY-SET esp-aes esp-sha-hmac
crypto dynamic-map MY-DYNAMIC-MAP 10 set transform-set MY-SET
crypto map outside 100 ipsec-isakmp dynamic MY-DYNAMIC-MAP

crypto map outside 100 match address CRYPTO-MAP
crypto map outside interface outside

crypto isakmp enable outside

-- Please remember to rate and select a correct answer
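
The ordering rule in the answer above (dynamic entry last, so more specific maps match first) can be checked offline against a saved configuration. This is an added example, not part of the original thread or Cisco's tooling; the sample configuration, the map name "dmz", the ACL names BRANCH-A/BRANCH-B and the peer addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: in map "outside" a static peer entry (seq 200) sits
# after the dynamic entry (seq 100); map "dmz" is ordered correctly.
SAMPLE_CONFIG = """\
crypto dynamic-map MY-DYNAMIC-MAP 10 set transform-set MY-SET
crypto map outside 100 ipsec-isakmp dynamic MY-DYNAMIC-MAP
crypto map outside 200 match address BRANCH-A
crypto map outside 200 set peer 192.0.2.10
crypto map outside 200 set transform-set MY-SET
crypto map outside interface outside
crypto map dmz 10 match address BRANCH-B
crypto map dmz 10 set peer 192.0.2.20
crypto map dmz 65535 ipsec-isakmp dynamic MY-DYNAMIC-MAP
crypto map dmz interface dmz
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")

def parse_crypto_maps(config):
    """Return {map_name: {seq: is_dynamic}} from 'crypto map NAME SEQ ...' lines."""
    maps = defaultdict(dict)
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skips 'crypto map NAME interface IF' and unrelated lines
        name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
        is_dynamic = rest.startswith("ipsec-isakmp dynamic ")
        # An entry counts as dynamic if any of its lines references a dynamic map.
        maps[name][seq] = maps[name].get(seq, False) or is_dynamic
    return maps

def misordered_entries(config):
    """List (map, dynamic_seq, static_seq) where a static entry follows a dynamic one."""
    findings = []
    for name, entries in parse_crypto_maps(config).items():
        dynamic = [s for s, d in entries.items() if d]
        static = [s for s, d in entries.items() if not d]
        if dynamic:
            first_dyn = min(dynamic)
            findings += [(name, first_dyn, s) for s in sorted(static) if s > first_dyn]
    return findings

if __name__ == "__main__":
    for name, dyn, sta in misordered_entries(SAMPLE_CONFIG):
        print(f"map {name}: static entry {sta} follows dynamic entry {dyn}")
```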
2 REPLIES
New Member

ASA 5510 support ipsec site to site vpn by domain name way ?

Hi Marius,

Thank you very much for your help. I will go ahead and do it.

Best regards,

Wang Yi Lun
