FTD DDNS for VPN

pannkakan_1
Level 1

Hi!

I have a question regarding DDNS and FTD. We get a DHCP address from our ISP on our outside interface, which we're using for our VPN clients. We want to bind this address to a more convenient name, for example: vpn.example.com. I've read about DynDNS and No-IP, but it seems you need software on your computer. I've also found that you can configure this on routers with the CLI, but I'm not sure if it's possible on the FTD. I'm managing our FTD with our FMC.

11 Replies

alex.baldwin
Level 1

I found a way to do this on the FirePower module of the ASA with FirePOWER services (though it is totally unsupported and performed in expert mode). However, the Firepower module is not supported in later versions of the 5506 with the REST agent enabled, and so I am now trying to find a way to do this with FTD so that I can move to FTD.

How did you do this?

Remember to rate useful posts

Mohammed is correct, but in that document Cisco is referring to DDNS for clients behind an ASA that are using the ASA for DHCPD. I was referring to DDNS of the ASA public IP (acquired from the ISP via DHCP) to a service like DynDNS etc., which is not a feature Cisco provides, and I don't know why. So I installed the DynDNS client on the Linux FirePower instance (SFR). I'm sure if there was a support issue, the TAC engineer's head would spin around, but it was required in this instance as there was no client on the inside that could be used to register DynDNS.

I was able to do this with an ASA years ago with CradlePoint devices. It's hard to believe Firepower would offer less functionality than ASA, but I'm finding this more and more to be the case.

How did you do it with ASA? I don't think I see a DynDNS integration with ASA either.

I created a dynamic map, then referenced it in the crypto map.

This was years ago, but I think this was the Cisco document I used to get started: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118652-configure-asa-00.html

Is it possible to configure it using FDM (no FMC)?

AFAIK it can be done from FMC only.