03-26-2009 08:30 AM
I am trying to set up a site-site VPN between two sites. The Cisco ASA 5505 has a static public IP and the site with an Adtran router has a dynamic IP on the public interface. I have successfully gotten site-site working many times when both are static, but I have never done one where the initiating site is dynamic. How do you configure this on the ASA? I tried to put 0.0.0.0 as the peer IP address in the site-site vpn wizard, but it won't take it. If I try it at a command line, it takes it, but doesn't show it in the config.
Is there a proper procedure to configure this? I understand you can possibly do it with Cisco EasyVPN, but I would like to avoid using that if at all possible.
Thanks.
03-27-2009 01:10 AM
Hi,
yes it is possible. Please check the following document.
http://cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml
In this example the other end is a Pix. However on ASA with dynamic ip address you need to configure VPN just as you do it for static ip address.
06-01-2009 10:23 AM
I'm trying to accomplish the same thing with an ASA 5505 and another VPN device. I've followed the doc you provided and the ASA always tries to match the connection to the "DefaultRAGroup" , it never matches the L2L group I created. Any idea what I'm doing wrong?
06-01-2009 02:04 PM
Jeremy
Did you configure this with a dynamic map or with peer 0.0.0.0? The message indicates that your ASA is treating this as Remote Access instead of Lan to Lan.
Perhaps it would be easier to figure out the problem if you would post the config.
HTH
Rick
06-02-2009 05:10 AM
I figured it out myself, thanks for the response.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide