Cisco Support Community
New Member

urgent-Site-Site VPN with ASA having Dynamic Peers

hi all,

I got stuck configuring a Cisco ASA for site-to-site VPN with both peers having dynamic IPs. I cannot configure the peer identity as a hostname through ASDM, e.g. abc.selfip.com. I checked NetPro also, but I didn't get any satisfactory explanation. This scenario is possible on some other devices like Sonicwall, where we can enter the peer identity as a hostname at both sides.

Can someone help me with this issue?

3 REPLIES
New Member

Re: urgent-Site-Site VPN with ASA having Dynamic Peers

Hi!

I'm sorry, but according to my knowledge this isn't possible with 2 Cisco ASAs with a dynamic IP on each side of the VPN. At least one side needs to have a static IP (the other side would connect with aggressive mode).

You could configure one side (e.g. called BR) as an EasyVPN Hardware Client, which connects to the other side (e.g. called HQ) via FQDN. You would need to run a DynDNS service at the HQ side (also not supported on the ASA).

However, if the HQ IP changes, the DNS cache of the BR ASA still holds the old IP. The BR ASA would need to be rebooted for it to connect again in a reasonable amount of time. This was the case with ASA v7.2(4)... maybe the behavior is different with v8.2(1).

Site-to-Site VPNs work most reliably if both sides have static IPs.

hth

Ingo
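The static-plus-dynamic layout described in the reply above, as an added configuration example that is not from any poster in this thread. It assumes the pre-8.4 (IKEv1) ASA syntax of the versions mentioned, pre-shared-key authentication, and constructed values throughout: HQ at 203.0.113.10 with LAN 192.168.10.0/24, BR with LAN 192.168.20.0/24, and all object names and the key placeholder.

```text
! ---- HQ ASA (static public IP 203.0.113.10, assumed) ----
! Accepts L2L tunnels from peers whose address is not known in advance.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
! Dynamic map entry: no "set peer", so any authenticated peer can match.
crypto dynamic-map DYN-L2L 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-L2L
crypto map OUTSIDE-MAP interface outside
! Peers with no tunnel-group named after their IP land in DefaultL2LGroup.
! Every dynamic peer shares this key, so use a long random value.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <shared-key-placeholder>
! Exempt HQ-to-BR traffic from NAT.
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list NONAT

! ---- BR ASA (dynamic public IP) ----
! Always the initiator: HQ cannot open the tunnel toward an unknown address.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
access-list BR-TO-HQ extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address BR-TO-HQ
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <shared-key-placeholder>
! The crypto ACL doubles as the NAT exemption list on this side.
nat (inside) 0 access-list BR-TO-HQ
```

On either unit, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the tunnel came up after traffic from the BR LAN triggers it.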

Re: urgent-Site-Site VPN with ASA having Dynamic Peers

At least one end must know the IP of the remote end. You cannot use domain names without using certificates.

What you are trying to do is not possible.

HTH

New Member

Re: urgent-Site-Site VPN with ASA having Dynamic Peers

Hi,

Can I establish site-to-site by creating certificates of domain names? If so, how can I do that?

regards

dileep
