Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ASA Remote Access VPN with Dynamic Outside IP

Hi forum,

I was wondering if it was possible to set up an ASA to provide remote access VPN connections (either/both IPSEC or WebVPN/SSL) from the outside world if the outside IP address is dynamic (i.e. obtained through DHCP)?  I understand how to use DynamicDNS to provide a hostname to VPN clients, I'm simply asking whether the ASA can be configured to allow VPN connections in from a DHCP addressed interface.  I understand there are issues with site-to-site VPNs when both sides are dynamically addressed, but it seems like the remote access VPN should work.  Just hoping to confirm this before I go and work on a config.

Thanks in advance....

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA Remote Access VPN with Dynamic Outside IP

The same configuration applies.

I believe the only difference is that the outside IP with be dynamic:

interface e0/0

ip address dhcp setroute

crypto map

The only difference is that the VPN clients (the PCF file) should have the VPN connection to a hostname (instead than to an IP) and that IP should be resolved to the IPs of the ASA.

I'll try to find you a configuration example if you don't find it.

Federico.

3 REPLIES

Re: ASA Remote Access VPN with Dynamic Outside IP

Hi,

Yes you can.

You configure VPN server on the ASA and apply the crypto map to the outside interface.

The VPN clients will connect to a hostname instead than to an IP.

As long as the hostname is published via DNS, the VPN clients can resolve it, they will connect.

I don't have a configuration example handy, but you can do it.

Federico.

Community Member

Re: ASA Remote Access VPN with Dynamic Outside IP

Thanks.  I've set up VPNs on a few boxes with static IP addresses.  Is there anything different that I need to configure?  Or does the same VPN

configuration work for both static and dynamic outside IP addresses?

Thanks...

Re: ASA Remote Access VPN with Dynamic Outside IP

The same configuration applies.

I believe the only difference is that the outside IP with be dynamic:

interface e0/0

ip address dhcp setroute

crypto map

The only difference is that the VPN clients (the PCF file) should have the VPN connection to a hostname (instead than to an IP) and that IP should be resolved to the IPs of the ASA.

I'll try to find you a configuration example if you don't find it.

Federico.

469
Views
0
Helpful
3
Replies
CreatePlease to create content