06-05-2010 07:03 AM - edited 02-21-2020 04:41 PM
Hi
Is it possible to configure the DMVPN on ASA?, if yes then how.
I know DMVPN is not possible on PIX.
My problem is to configure the site-to-site VPN between two sites, first site having lease line with fix public IP and second site having ADSL with dynamic IP .I have ASA 5510 firewall on first and 2811 router on second site.
Regards,
Vashdev
Solved! Go to Solution.
06-05-2010 09:54 AM
Hi,
You don't need DMVPN for this.
You can set up a site-to-site tunnel using a dynamic-to-static configuration.
DMVPN is only supported on cisco routers, so not possible to implement it in routers.
This is because DMVPN still uses GRE which is supported only on routers.
Here's an example of a site-to-site when one end has a dynamic IP address assigned:
Hope it helps.
Federico.
06-05-2010 09:54 AM
Hi,
You don't need DMVPN for this.
You can set up a site-to-site tunnel using a dynamic-to-static configuration.
DMVPN is only supported on cisco routers, so not possible to implement it in routers.
This is because DMVPN still uses GRE which is supported only on routers.
Here's an example of a site-to-site when one end has a dynamic IP address assigned:
Hope it helps.
Federico.
06-06-2010 01:22 AM
Adding to Federico's note:
No sort of GRE termination is available on ASA (DMVPN = multipoint GRE)
If you wish to change this contact your account team let them file a PER and build a business case ... it's a first step.
06-06-2010 09:50 AM
Hi
I followed that document and that configuration is working fine, I am able to connect from ADSL (dynamic IP) to ASA lease line (Static IP) Site-toSite VPN.
Here one more question can use the same configuration for Hub and spoke VPN for Multiple remote site
Or I need to build the separate Stie-to-Site VPN configuration for each site
Regards,
Vashdev
06-06-2010 10:33 AM
You need to configure each spoke for the correct site-to-site VPN to the ASA, but the ASA is already configured to accept dynamic VPN peers.
So, if you have more peers (spokes), you don't need to configure one-by-one on the ASA, since the ASA is already acting as a dynamic VPN termination endpoint.
The only details that need to be configured is for example, the remote LAN on the NAT0 ACL and if you're configuring additional optional VPN parameters.
Federico.
06-12-2012 11:13 AM
I was looking for the same scenario and this helped me out just fine. Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide