Re: Cisco ASA 5515-X DDNS Setup

Blackbird2018 · ‎07-02-2019

Hi Guys

I have setup a DDNS account with Dynu, and everything is working fine, I just have one issue, I am getting a DHCP address from my ISP and when this address changes it does not update Dynu DDNS service, so I opened a support ticket with them and they told me to try this https://www.dynu.com/DynamicDNS/IPUpdateClient/Cisco-router-2851, the only problem is that ASA does not have the command shown below, is there another way I can add the below config so that my ASA can update Dynu when my public IP changes.

Cisco(DDNS-update-method)# HTTP
Cisco(DDNS-HTTP)# add http://api.dynu.com/nic/update?hostname=YOURHOSTNAME&password=YOURPASSWORD

Thanks

Francesco Molino · ‎07-02-2019

Hi

Here a documentation for ddns on ASA: https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/basic_ddns.pdf

In summary, you'll need to configure the ddns globally:

ddns update method http://api.dynu.com/nic/update?password=YOURPASSWORD&hostname=
ddns both
interval maximum 0 4 0 0

Then attach it to your outside interface:

interface e1/1

ddns update hostname YOURHOSTNAME
ddns update http://api.dynu.com/nic/update?password=YOURPASSWORD&hostname=

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Blackbird2018 · ‎07-03-2019

Hi Francesco

I cannot seem to enter the question mark after update, I have tried Ctrl+V than pressing ? but it does not work, maybe its different in the IOS version I am using which is 9.12(2).

Also for the below update method is the below test command correct hostname is Testhost and password is Password1

http://api.dynu.com/nic/update?password=Password1&hostname=Testhost

Francesco Molino · ‎07-03-2019

You need to paste everything before the ? sign, then do ctrl+v and then paste the remaining stuff.
I believe your hostname should looks like a fqdn and not just a simple hostname.
You can also use the auto-update feature, check here: https://community.cisco.com/t5/firewalls/dynamic-dns-functionality/td-p/816451

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Blackbird2018 · ‎07-03-2019

Hi Francesco

I manage to add the command after a few goes and now have a few DDNS update methods mostly with mistakes, when I go to remove the other ones I get error Error ddns update method http:// and so on does not exit, I am simply copying the commands from the sh run command and putting a no in front of it and that is not working any ideas.

I have also tried to delete them from the ASDM, it deletes the entries but when I refresh they are back again.

Also the IOS summarises a long command with $ how do I remove that so I see the whole command on one line.

Thanks

Blackbird2018 · ‎07-04-2019

Hi Francesco

Just an update I manage to remove the old DDNS config, I had to use clear config ddns command which worked.

But when I go to enter ddns update http://api.dynu.com/nic/update?password=YOURPASSWORD&hostname=

on the outside interface I get error DYNUPD: method http://and so on is not configured.

Any thoughts.

also do you know how to remove how IOS summarises a long command with $.

Thanks

Blackbird2018 · ‎07-04-2019

Hi Francesco

Sorry I fixed the DYNUPD: I was missing the method command after update, everything thing is configured as shown below but the asa is still not updating the IP address on dynu.

hostname xxxxx
domain-name dynu.net

names
ddns update method http://api.dynu.com/nic/update?password=xxxx&hostname=xxxx.dynu.net
ddns both
interval maximum 0 0 5 0
!
ddns update method http://api.dynu.com/nic/update?password=xxxxx&hostname=xxxxx.dynu.net

!
interface GigabitEthernet0/0
description Outside
nameif NBN
security-level 0
ddns update hostname xxxxx.dynu.net
dhcp client update dns server both
ip address dhcp setroute

Any suggestions

Thanks

Blackbird2018 · ‎07-05-2019

Hi All

After doing some more research I found this on dynu forum https://www.dynu.com/en-US/Forum/ViewTopic/Proper-hostname-when-using-Cisco-ASA/3445 it looks like I had the username and password wrong way around and did not use https I have done that now, updated config below, still does not update dynu ddns service.

hostname xxxxxxx
domain-name dynu.net

names
ddns update method https://api.dynu.com/nic/update?hostname=xxxx.dynu.net&password=xxxxxx
ddns both
interval maximum 0 0 2 0

!
interface GigabitEthernet0/0
description Outside
nameif NBN
security-level 0
ddns update hostname xxxxx.dynu.net
dhcp client update dns server both
ip address dhcp setroute

Any help would be appreciated.

Thanks

robert.rutledge1 · ‎10-17-2019

Where you ever able to successfully get your ASA configured to work properly with Dynu?

I have a 5520 ASA that I am trying to configure for the same thing (ISP hands out DHCP address).

Would you mind sharing your findings or maybe give me a short walk through..maybe some redacted screen shots?

I'm configuring through the ASDM (v7.9) and I honestly don't know what to input. When adding a new update method I don't know if it wants the Dynu address, just a simple name of my choice, or what. I have a Cisco guide on DDNS, but I can't seem to get what I need from it and like you the document I found on Dynu's site had command line arguments that I could not use.

Any help would be incredibly appreciated...thank you so much in advance!

Blackbird2018 · ‎10-17-2019

Hi Robert

I am still waiting for a solution, I have another thread here : https://community.cisco.com/t5/firewalls/cisco-asa-5515-x-ddns-debug/m-p/3937516#M182182

I am waiting for Balaji to load my config and see if he can get it working, updated will be posted on that thread.

Thanks

robert.rutledge1 · ‎10-18-2019

Hello,

Thanks for the reply. I've got the other link and will watch that as well. I think that if Dynu is not able to help those of us with ASA's and Cisco (for whatever reason) is unable to help I may bite the bullet and just pay for something like DynDNS that I know can work with ASA's.

As simple of a process as this is I don't understand why it doesn't work. I will engage my Cisco channels as well and if I am able to come up with a solution will make sure to let you (and the rest of the community) know.

Keep me posted!