New Member

Cisco ASA 5510 Multiple dynamic L2L VPN config needed

Hello,

We have a Cisco ASA 5510 with a static IP. We also have a remote office with a dynamic IP. We currently have a dynamic-to-static L2L VPN configured, and now we need to add a new tunnel to another site with a dynamic IP. Is it possible? Does anybody have a working example or manual?

Oleg Kobelev

Re: Cisco ASA 5510 Multiple dynamic L2L VPN config needed

New Member

Re: Cisco ASA 5510 Multiple dynamic L2L VPN config needed

Thank you for your example. But now I have such a configuration. My problem is to add a new dynamic tunnel to the existing configuration.

This is in the example:

!--- The security appliance provides the default tunnel groups
!--- for Lan to Lan access (DefaultL2LGroup) and configure the preshared key
!--- (cisco123) to authenticate the remote router. 

Should I use the same preshared key on the new site? Or do I have to create a new tunnel group?

Oleg Kobelev

Re: Cisco ASA 5510 Multiple dynamic L2L VPN config needed

When you have configured a dynamic L2L tunnel, you can have only 1 PSK. As it's a default L2L, that is the difference from a specific peer config.

So I would suggest you choose a long & complex PSK, as you have to use it for ALL dynamic L2L VPNs.

HTH

New Member

Re: Cisco ASA 5510 Multiple dynamic L2L VPN config needed

So, I only have to add an access-list entry for the new network? No new crypto map and ISAKMP policy?

Oleg Kobelev

Re: Cisco ASA 5510 Multiple dynamic L2L VPN config needed

The only config you need in the ASA is:-

1) Crypto Transform set

2) ISAKMP Policy

3) Dynamic Crypto Map

4) Default L2L group & PSK

5) RRI (Reverse Route Injection) Config

HTH
