Cisco Support Community

New Member

Question with Dynamic DDNS ASA5505 and 857w

Hi, I have read the posts and have not found one like this, so I'll ask away and hopefully someone can answer.

I understand that the ASA does not do DDNS and that's okay; well, maybe they will implement the HTTP request later, and then all of us without Cisco logins will not be able to get the new updates.... anyways.

If I have a working router, let's say an 857 with DynDNS set up and working, is it possible to get the ASA 5505 to understand how to be reached and get out of the gateway if the IP is dynamic on the router?

I would like to do some SSL. If not, I'll go with an 877 or 887, but they are missing a few plugin options such as RDP, VNC... could always do the CSD.

6 REPLIES
Cisco Employee

Re: Question with Dynamic DDNS ASA5505 and 857w

Not sure if I understand the setup and requirements correctly, but if you have for example:

Internet ----- (dynamic public IP) router (10.0.0.1) ----- (10.0.0.2) ASA ----- LAN

Then with something like this on the router it should work:

! Forward TCP 443 arriving on the ISP-facing interface to the ASA (10.0.0.2)
ip nat inside source static tcp 10.0.0.2 443 interface Dialer1 443
!
interface Dialer1
 ip nat outside
!
interface Ethernet0
 ip nat inside

(I'm assuming it's a DSL router, if not just change Dialer1 to the appropriate ISP facing interface)

(also assuming port 443 is not in use on the router)

With this in place you should be able to enter "https://mydyndnsname" in your browser and get connected to the ASA's webvpn.

If this is not what you want then please clarify what you'd like to achieve exactly.

hth

Herbert

New Member

Re: Question with Dynamic DDNS ASA5505 and 857w

Hi, thanks for getting back to me.

Yes, what you said about FA0 would work; the only problem is that you can't do that on the 857, that is you can do ip nat inside on that interface. It's crap, I know, but got to live with it.

The only two other choices that I have found were to set up the router in bridge mode, or I could maybe use the

interface BVI1
description $FW_INSIDE$
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow

What do you think?

Cisco Employee

Re: Question with Dynamic DDNS ASA5505 and 857w

Not sure if DDNS would still work in bridged mode but if the BVI interface is what you would normally use to route between the LAN interfaces and the WAN interface, then yes that should work just fine in combination with the static NAT command I suggested.

Let me know

cheers

Herbert

New Member

Re: Question with Dynamic DDNS ASA5505 and 857w

Hi Herbert,

Yup, the BVI interface is used to route between the LAN and WAN, so I guess that I'll need to point the ASA to this interface and add the NAT, as you said, to be ip nat inside source static tcp 192.168.1.254 443 interface dialer0 443

the ip address of the

It's the only thing that makes sense to me, as the BVI is ip nat inside. I don't actually have an ASA yet; I wanted to find out if I could use it with the router, but yes, I will let you know of course.

best

Bertrand

Cisco Employee

Re: Question with Dynamic DDNS ASA5505 and 857w

Hi Bertrand,

I noticed you have another thread https://supportforums.cisco.com/thread/2047505

Note that here you are actually doing exactly the same but just for port 443 instead of 21. So if your ISP is blocking low ports, webvpn will also not work unless you translate it to a high port (e.g. 4433). Of course then you will have to connect to https://mydyndnsname:4433

Good luck.

Herbert
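
An added example, not part of the original thread and not Cisco code: a small Python linter for the static port forward discussed above, including the high-port variant. It checks that the interface named in the rule carries `ip nat outside`, that some interface is `ip nat inside`, and that the forwarded local address belongs to the inside host rather than to the router itself. The sample config is constructed, and the checker assumes interface names are written out in full.

```python
import re

# Constructed sample IOS config (not from the thread): forwards public TCP 4433
# on the dialer to the ASA at 10.0.0.2:443.
SAMPLE = """\
interface Dialer1
 ip address negotiated
 ip nat outside
interface BVI1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
ip nat inside source static tcp 10.0.0.2 443 interface Dialer1 4433
"""

RULE = re.compile(r"^ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)$", re.I)

def parse(config):
    """Return (interfaces, rules): per-interface address/NAT role and static PAT rules."""
    ifaces, rules, cur = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.lower().startswith("interface "):
            cur = ifaces.setdefault(line.split()[1].lower(), {"ip": None, "nat": None})
        elif raw.startswith(" ") and cur is not None:
            m = re.match(r"ip address (\d+\.\d+\.\d+\.\d+) ", line)
            if m:
                cur["ip"] = m.group(1)
            elif line in ("ip nat inside", "ip nat outside"):
                cur["nat"] = line.split()[-1]
        else:
            cur = None  # back at global config level
            m = RULE.match(line)
            if m:
                rules.append((m.group(1), int(m.group(2)), m.group(3).lower(), int(m.group(4))))
    return ifaces, rules

def lint(config):
    """List problems that would stop the port forward from reaching the inside host."""
    ifaces, rules = parse(config)
    problems = []
    if not any(i["nat"] == "inside" for i in ifaces.values()):
        problems.append("no interface is marked 'ip nat inside'")
    for local_ip, _lport, ifname, _gport in rules:
        if ifaces.get(ifname, {}).get("nat") != "outside":
            problems.append(f"{ifname}: rule names an interface without 'ip nat outside'")
        if any(i["ip"] == local_ip for i in ifaces.values()):
            problems.append(f"{local_ip}: local address is the router itself, not the inside host")
    return problems
```
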

New Member

Re: Question with Dynamic DDNS ASA5505 and 857w

Hi

True, I'll keep that in mind if things are not working as they should. I'll post the results and may cry for help on this new PIX if it decides to not cooperate.

regards

Bertrand
