ASA L2L VPN with Remote DHCP

nshoe18 · ‎11-13-2016

I have a funny setup I am trying to finalize and struggling a bit.

I need to setup a 5505 behind an ISP provided router. The 5505 then needs to make a L2L tunnel back to the corporate 5525. Once that tunnel is established I need to have a phone on the remote side plugged directly into the ASA pull a DHCP address from the corporate DHCP pool and connect to the phone server on the corporate network.

I have tried this a couple of ways but have had no success getting the tunnel to come up. When I connect the ASA to the ISP router, the outside interface for the ASA should be an address on the client side of the ISP router correct, i.e. 192.168.0.x? Then the corporate side should use the static public IP of the ISP router to create the L2L tunnel if I am thinking of this properly.

Once I have that I setup DHCPrelay on the remote ASA to grab an address from the proper DHCP pool/server and I should be good, but I am struggling getting the tunnel up first and then from there, I guess I have to test the other pieces.

Am I going about this wrong? Should the tunnel be from outside to outside or is there another way to do this. This is a bit outside my knowledge of security so I am here looking for some ideas.

Thank you in advance.

Aditya Ganjoo · ‎11-13-2016

Hi,

Please check this link, I think this matches your query:

https://supportforums.cisco.com/blog/149511

Regards,

Aditya

Please rate helpful posts and mark correct answers.

nshoe18 · ‎11-14-2016

I have read through this a couple of times. What I am confused about is, do you setup the L2L tunnel to go Inside to Inside or Outside to Outside?

I have never done an inside to inside tunnel so I am a little in the dark about that.