Can I configure a VTI tunnel (the new routing type) so the destination can come from a dynamic address (i.e. where the remote device, in my case a router, has a DHCP assigned address)?
I have tried various ways so far without success. I can get a configuration to work so long as I use a static destination address and associated TUNNEL-GROUP name.
Is there an example config anywhere posted?
To elaborate slightly: By using aggressive mode I can get the ASA to use a tunnel-group which has a name, not an IP, but I cannot figure out how to get rid of the destination in the tunnel definition, e.g.
interface Tunnel36 nameif vti36 ip address 172.26.37.1 255.255.255.0 tunnel source interface outside tunnel destination 220.127.116.11 tunnel mode ipsec ipv4 tunnel protection ipsec profile VTIPROFILE
That 18.104.22.168 is my problem, I can't find any syntax on the ASA side that can get rid of it and still have a VTI Tunnel Interface (which I want to use with EIGRP via BGP redistribution).
Just for grins, I asked our partner for pre-sale help (since this is for a planned project), and was told that whether or not VTI on ASA can support a tunnel destination that is DHCP assigned is a post-sale, TAC question.
So ... buy it, and we'll tell you then if it works or not.
We're moving forward with a small router to terminate these tunnels on, at least I know that works. And nicely it supports EIGRP, so no need for BGP redistribution.