Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5263
Views
20
Helpful
11
Replies

FTD DDNS for VPN

pannkakan_1
Level 1
Level 1

‎07-05-2018 12:40 AM - edited ‎02-21-2020 07:56 AM

Hi!

 

I have a question regarding DDNS and FTD. We get a DHCP address from our ISP on our outside interface which we're using for our VPN clients. We want to bind this address to a more convient name for example: vpn.example.com. I've read about DynDNS and No-IP but it seems you need a software on your computer. I've also found that you can configure this on routers with the CLI but im not sure if its possible on the FTD? I'm managing our FTD with our FMC.

1 person had this problem
Labels:
0 Helpful
11 Replies 11

alex.baldwin
Level 1
Level 1

‎02-21-2019 01:00 PM

I found a way to do this on the FirePower module of the ASA with firepower services (though it is totally unsupported and performed in expert mode)  However the Firepower module is not supported in later versions of the 5506 with the REST agent enabled and so I am now trying to find a way to do this with FTD so that I can move to FTD.

darknight
Level 1
Level 1
In response to alex.baldwin

‎06-26-2019 07:14 AM

How did you do this?

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to Mohammed al Baqari

‎06-26-2019 10:57 AM

Remember to rate useful posts
0 Helpful

alex.baldwin
Level 1
Level 1
In response to Mohammed al Baqari

‎06-28-2019 11:27 AM

Mohammed is correct but in that document Cisco is referring to DDNS for clients behind an ASA that are using the ASA for DHCPD.  I was referring to DDNS of the ASA public IP (acquired from the ISP via DHCP) to a service like DynDNS etc.  Which is not a feature Cisco provides, and I don't know why.  so I installed the DynDNS client on the Linux FirePower instance (SFR).  I'm sure if there was a support issue, the TAC engineer's head would spin around, but it was required in this instance as there was no client on the inside that could be used to register DynDNS.

0 Helpful

alex.baldwin
Level 1
Level 1

‎02-21-2019 01:01 PM

I found a way to do this on the FirePower module of the ASA with firepower services (though it is totally unsupported and performed in expert mode)  However the Firepower module is not supported in later versions of the 5506 with the REST agent enabled and so I am now trying to find a way to do this with FTD so that I can move to FTD.

darknight
Level 1
Level 1
In response to alex.baldwin

‎07-03-2019 05:43 AM

I was able to do this with an ASA years ago with CradlePoint devices. It's hard to believe Firepower would offer less functionality than ASA, but I'm finding this more and more to be the case.

0 Helpful

alex.baldwin
Level 1
Level 1
In response to darknight

‎07-03-2019 07:06 AM

How did you do it with ASA, because I don't think I see a DynDNS integration with ASA either.

0 Helpful

darknight
Level 1
Level 1
In response to alex.baldwin

‎07-03-2019 07:36 AM

I created a dynamic map then referenced it in the crypto map. 

 

This was years ago, but I think this was the Cisco document I used to get started - https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118652-configure-asa-00.html

0 Helpful

IvanAlvarenga25979
Level 1
Level 1

‎02-10-2021 08:10 AM

Is it possible to configure it using FDM ( no FMC ) ?

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to IvanAlvarenga25979

‎02-10-2021 08:59 AM

AFAIK it can be done from FMC only.
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card