urgent-Site-Site VPN with ASA having Dynamic Peers
I got stuck in configuring Cisco ASA for site-site vpn with both peers having Dynamic IP.I cannot configure the peer identity as hostname through asdm.eg:abc.selfip.com . I checked in the NetPro also, but I didn't get any satisfactory explanation.This scenario is possible in some other devices like Sonicwall, where we can enter the peer identity as hostname at both sides.
Re: urgent-Site-Site VPN with ASA having Dynamic Peers
I'm sorry, but according to my knowlege this isn't possible with 2 Cisco ASA's with a dynamic IP on each side of the VPN. At least one side needs to have a static IP (the other side would connect with aggressive mode).
You could configure one side (e.g. called BR) as an EasyVPN Hardware Client, which connects to the other side (e.g. called HQ) via FQDN. You would need to run a DynDNS service at the HQ side (also not supported on the ASA).
However if the HQ IP changes, the DNS cache of the BR ASA still holds the old IP. The BR ASA would need to be rebooted for it to connect again in a reasonable amount of time. This was the case with ASA v7.2(4)...maybe the behavior is different with v8.2(1)
Site-to-Site VPNs work most reliable if both sides have static IP's.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :