I am trying to find the best way to set up a VPN between a remote C800 series router and an ASA5505 at the headend. The remote router has a dynamic WAN IP and I want to be able to connect back down the tunnel to the router's LAN from the LAN at the ASA end. I have the remote router registering with DynDNS but can't get the ASA to use a domain-name for the peer.
The only way your ASA will use hostnames for the VPN connection is when using digital certificates for IKE authentication or if the connection is coming via aggressive mode. That means that the use of a domain name for the peer under the crypto map is something the ASA does not support.
Thank you for that feedback. So I have tried to set up an Easy VPN connection and have been able to use the reverse router feature to install a route on the ASA. This seems to provide me with connectivity in both directions; however, it seems to only work if the remote site initiates traffic first. Then the headend can communicate with the remote LAN. Can you please tell me how else I can achieve this, i.e. a VPN with the headend able to initiate traffic while the remote site is not using a static IP address?
From what I have seen, the remote client initiates the VPN session as soon as it boots up and the session will stay up for the configured idle time. When the tunnel is up, the headend can only communicate with the remote LAN when traffic is initiated from the remote LAN. Communication is only available for a small period of time. The tunnel never goes down and the SAs are still present. I have set up the remote site to get NTP off the headend LAN, so this way there is always some traffic initiated from the remote device. This is a workaround until I can find a proper solution.
OK, let me see if I got it right: when the remote end initiates the tunnel it can pass traffic fine, but then after a period of time the tunnel is not able to pass any more traffic, even though the tunnel shows as up and the SA is active?
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: