cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1182
Views
0
Helpful
1
Replies

Configuring VPN on ASA 5505 in DSL PPPoE

AMMAnujit
Level 1
Level 1

Dear Experts,

 

I am a newbee in this area. So please pardon me if I am not speaking the language of the technology.

 

In our company, I am trying configure a VPN connection. We had a DSL connection which was running through AVM FritzBox 7490. 

 

I have modified the Fritzbox to be used as bridge (please correct me if I am wrong) and enabled PPPoE. The ASA 5505 router is behind the Fritzbox now with PPPoE as the outside interface. Everything is working fine with the network.

 

My next task is to configure a VPN connection so that people from other sites are able to connect to the network at our site. I could set it up as IPSec Remote Access Wizard and it is also working.

 

But there is one problem: The Public IP of the VPN Server (ASA device) is changing continuously. That means, each time someone wants to access VPN should ask me the current public IP and login. I tried the to make Public IP fixed (with one of the IP that ASA was holding at that time) but it returned an error. Also it was asking for Subnet Mask 255.255.255.255 which was not aveilable in the list.

 

Is there anyway that I can control the Public IP? Or am I making a mistake somewhere? I tried searching in the web, but could not find a solution. Can you please help me?

 

Thanks in advance!

1 Reply 1

GioGonza
Level 4
Level 4

Hello @AMMAnujit

 

Your solution is Dynamic to Static VPN tunnel, in your case the ASA Public IP is changing so you cannot create a static crypto map in order to make it work, you need to implement Dyn to Sta VPN. 

 

Basically as your ASA is changing the IP, it will initiate all the traffic and build the VPN tunnel every single time since the remote end will not know where to send the traffic since the static configuration is not present. 

 

Here is the link for IKEv1: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119007-config-asa9x-ike-ipsec-00.html

 

Here is the link for IKEv2: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118652-configure-asa-00.html

 

HTH

Gio

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: