Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Community Member

ASA VTI Tunnel from dynamic remote address

Can I configure a VTI tunnel (the new routing type) so the destination can come from a dynamic address (i.e. where the remote device, in my case a router, has a DHCP assigned address)? 

 

I have tried various ways so far without success.  I can get a configuration to work so long as I use a static destination address and associated TUNNEL-GROUP name.

 

Is there an example config anywhere posted? 

Everyone's tags (3)
2 REPLIES
Highlighted
Community Member

Re: ASA VTI Tunnel from dynamic remote address

To elaborate slightly: By using aggressive mode I can get the ASA to use a tunnel-group which has a name, not an IP, but I cannot figure out how to get rid of the destination in the tunnel definition, e.g. 

 

interface Tunnel36
 nameif vti36
 ip address 172.26.37.1 255.255.255.0 
 tunnel source interface outside
 tunnel destination 7.7.7.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTIPROFILE

That 7.7.7.1 is my problem, I can't find any syntax on the ASA side that can get rid of it and still have a VTI Tunnel Interface (which I want to use with EIGRP via BGP redistribution). 

Community Member

Re: ASA VTI Tunnel from dynamic remote address

Just for grins, I asked our partner for pre-sale help (since this is for a planned project), and was told that whether or not VTI on ASA can support a tunnel destination that is DHCP assigned is a post-sale, TAC question.

 

So ... buy it, and we'll tell you then if it works or not.

 

We're moving forward with a small router to terminate these tunnels on, at least I know that works. And nicely it supports EIGRP, so no need for BGP redistribution.

802
Views
0
Helpful
2
Replies
CreatePlease to create content