cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
690
Views
0
Helpful
2
Replies

Site-to-Site VPN: ASA 5510 (fixed IP) <-> Linksys BEFSX41 (dyn IP)

dathom1093
Level 1
Level 1

The Cisco 5510 has a fixed IP address, but the Linksys BEFSX41 does not. I'm planning to use the Cisco/Linksys as a replacement for a pair of ZyWall 10 VPN routers. The ZyWall's allow me to specify (on the fixed IP end) the FQDN of the dynamic IP end, but it doesn't seem that the Cisco does.

I've read some posts that seem to describe similar configurations, but it's not clear how to implement them on the 5510.

The Cisco/Linksys solution was recommended by CDW as a replacement for the ZyWall's, but if it doesn't have this feature, it's pretty much useless.

2 Replies 2

kaachary
Cisco Employee
Cisco Employee

Why don't you configure a dynamic to static tunnel ?

The tunnel will land on DefaultRAGroup or DefaulL2LGroup depending on how the Linksys initiates the connection.

-Kanishka

ggilbert
Cisco Employee
Cisco Employee

Does the Linksys BEFSX41 support the use of certificates? (I personally haven't seen it) If it does, then you can make the certificate parameter to land on a separate tunnel-group by using FQDN

tunnel-group-map enable ike-id

will be the option to use on the ASA.

So, the certificate sent from the remote end will be taken into account with the IKE ID parameter to land on a group that you configure.

ONLY if you are using certificates instead of pre-shared key this will work.

If you are using pre-shared key then DefaultL2LGroup or DefaultRAGroup will be your options.

Hope this helps,

Cheers

Gilbert

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: