I am running an ASA with 8.4(3) and am trying to setup a dynamic VPN tunnel. We are having a business reason to establish a VPN tunnel to customers who do not have nailed down IP addresses. Now I found a number of documents that outline the steps involved. It seems the basic steps were to
Establish a regular tunnel
Add dynamic crypto map
Assign the dynamic crypto map to the tunnel created under step 1.
While this sounds pretty straight forward and simple, while prepping for doing just this I hot a road block while thinking it through. In order for my ASA to put anything into the tunnel it has to have a route to the remote network pointing at my VPN peer at the end of the tunnel. How do I do this in a dynamic tunnel? How do I add a dynamic route so the ASA knows which tunnel to stuff the traffic into? How do I stop the traffic from just being send to the Internet?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...