cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

25355
Views
0
Helpful
5
Replies
Beginner

DMVPN on ASA

Hi

Is it possible to configure the DMVPN on ASA?, if yes then how.

I know DMVPN is not possible on PIX.

My problem is to configure the site-to-site VPN between two sites, first site having lease line with fix public IP and second site having ADSL with dynamic IP .I have ASA 5510 firewall on first and 2811 router on second site.

Regards,

Vashdev

1 ACCEPTED SOLUTION

Accepted Solutions

Re: DMVPN on ASA

Hi,

You don't need DMVPN for this.

You can set up a site-to-site tunnel using a dynamic-to-static configuration.

DMVPN is only supported on cisco routers, so not possible to implement it in routers.

This is because DMVPN still uses GRE which is supported only on routers.

Here's an example of a site-to-site when one end has a dynamic IP address assigned:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

Hope it helps.

Federico.

View solution in original post

5 REPLIES 5

Re: DMVPN on ASA

Hi,

You don't need DMVPN for this.

You can set up a site-to-site tunnel using a dynamic-to-static configuration.

DMVPN is only supported on cisco routers, so not possible to implement it in routers.

This is because DMVPN still uses GRE which is supported only on routers.

Here's an example of a site-to-site when one end has a dynamic IP address assigned:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

Hope it helps.

Federico.

View solution in original post

Cisco Employee

Re: DMVPN on ASA

Adding to Federico's note:

No sort of GRE termination is available on ASA (DMVPN = multipoint GRE)

If you wish to change this contact your account team let them file a PER and build a business case ... it's a first step.

Beginner

Re: DMVPN on ASA

Hi

I followed that document and that configuration is working fine, I am able to connect from ADSL (dynamic IP) to ASA lease line (Static IP) Site-toSite VPN.

Here one more question can use the same configuration for Hub and spoke VPN for Multiple remote site

Or I need to build the separate Stie-to-Site VPN configuration for each site

Regards,

Vashdev

Re: DMVPN on ASA

You need to configure each spoke for the correct site-to-site VPN to the ASA, but the ASA is already configured to accept dynamic VPN peers.

So, if you have more peers (spokes), you don't need to configure one-by-one on the ASA, since the ASA is already acting as a dynamic VPN termination endpoint.

The only details that need to be configured is for example, the remote LAN on the NAT0 ACL and if you're configuring additional optional VPN parameters.

Federico.

Highlighted
Beginner

DMVPN on ASA

I was looking for the same scenario and this helped me out just fine. Thanks!

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here