08-05-2009 12:24 AM
hi all,
I got stuck in configuring Cisco ASA for site-site VPN with both peers having Dynamic IP. I cannot configure the peer identity as hostname through ASDM, e.g. abc.selfip.com. I checked in the NetPro also, but I didn't get any satisfactory explanation. This scenario is possible in some other devices like Sonicwall, where we can enter the peer identity as hostname at both sides.
Can someone help me on this issue?
08-05-2009 05:22 AM
Hi!
I'm sorry, but according to my knowledge this isn't possible with 2 Cisco ASAs with a dynamic IP on each side of the VPN. At least one side needs to have a static IP (the other side would connect with aggressive mode).
You could configure one side (e.g. called BR) as an EasyVPN Hardware Client, which connects to the other side (e.g. called HQ) via FQDN. You would need to run a DynDNS service at the HQ side (also not supported on the ASA).
However, if the HQ IP changes, the DNS cache of the BR ASA still holds the old IP. The BR ASA would need to be rebooted for it to connect again in a reasonable amount of time. This was the case with ASA v7.2(4)... maybe the behavior is different with v8.2(1).
Site-to-Site VPNs work most reliably if both sides have static IPs.
hth
Ingo
08-05-2009 05:23 AM
At least one end must know the IP of the remote end. You cannot use domain names without using certificates.
What you are trying to do is not possible.
HTH
08-05-2009 09:02 PM
Hi,
Can I establish site-site by creating certificates of domain names? If so, how can I do that?
regards
dileep