Re: dynamic ip vpn - Page 2

zeuscyril · ‎08-12-2008

hai friends,

i want to create site to site vpn between two sites but both the sites having dynamic ip.my question is ,is it possible to create site to site otherwise any other way is there ..if site to site is possible send any documentation

thanks

Bastien Migette · ‎12-23-2010

What devices are you using ?

You can have One device with dynamic IP using easyVPN Server/client feature for sure, and I think you can have both with dynamic IP by using a DNS name instead of IP to define ezVPN server on client.

rm760 · ‎12-23-2010

Thank you for your input but both end points devices are ASA5505 firewalls and I need site to site connectivity.

Bastien Migette · ‎12-23-2010

So you can configure one asa with remote vpn as described here:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml

and enable network extension mode:

group-policy VPNGP attributes
nem enable

and on the other side, confiugre your asa as a easy vpn client. Asa server should have a DNS pointing to its IP, you can use dynamic DNS features:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/dhcp.html#wp1091527

      vpnclient mode network-extension-mode
      vpnclient nem-st-autoconnect
      vpnclient vpngroup VPN_Tunnel password VPNPSK
      vpnclient username xauthuser password xauthpwd
      vpnclient server asaserver.mycompany.com
      vpnclient enable

Network extension mode permit that user behind the asa acting as client access and be accessed through the VPN Tunnel. Default mode (client mode) will make the client asa NAT/PAT the inside hosts so they appear as being the asa.

If that solves your pb, please mark thread as resolved and/or rate it.