03-16-2007 11:15 AM - edited 02-21-2020 02:55 PM
The Cisco 5510 has a fixed IP address, but the Linksys BEFSX41 does not. I'm planning to use the Cisco/Linksys as a replacement for a pair of ZyWall 10 VPN routers. The ZyWall's allow me to specify (on the fixed IP end) the FQDN of the dynamic IP end, but it doesn't seem that the Cisco does.
I've read some posts that seem to describe similar configurations, but it's not clear how to implement them on the 5510.
The Cisco/Linksys solution was recommended by CDW as a replacement for the ZyWall's, but if it doesn't have this feature, it's pretty much useless.
03-17-2007 05:38 AM
Why don't you configure a dynamic to static tunnel ?
The tunnel will land on DefaultRAGroup or DefaulL2LGroup depending on how the Linksys initiates the connection.
-Kanishka
03-17-2007 09:24 AM
Does the Linksys BEFSX41 support the use of certificates? (I personally haven't seen it) If it does, then you can make the certificate parameter to land on a separate tunnel-group by using FQDN
tunnel-group-map enable ike-id
will be the option to use on the ASA.
So, the certificate sent from the remote end will be taken into account with the IKE ID parameter to land on a group that you configure.
ONLY if you are using certificates instead of pre-shared key this will work.
If you are using pre-shared key then DefaultL2LGroup or DefaultRAGroup will be your options.
Hope this helps,
Cheers
Gilbert
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: