01-14-2015 08:25 AM
Hi all,
One of the customers asked the following question.
They have an ASA 5510 and they will implement dynamic site-to-site VPN, because some of their customers don't have a static IP.
What they want to know is whether, instead of creating a VPN configuration for every new site, they can have only one VPN configuration for all the new sites they are adding.
Thanks!
01-14-2015 09:55 AM
If I am understanding your question correctly, then the answer is yes: the customer will configure just a single instance of a dynamic map on the ASA with the fixed IP, and multiple remote peers with dynamic addresses will negotiate VPN sessions to it. In this environment the hub ASA with the fixed address does not have a per-peer entry in its crypto map but has a single dynamic entry that multiple remote peers will use.
HTH
Rick
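A sketch of the hub-side configuration described in the answer above, added here as an example and not taken from the thread or from Cisco's documentation. It assumes ASA 8.4 or later IKEv1 syntax and an interface named `outside`; the names `ESP-AES256-SHA`, `DYN-MAP` and `OUTSIDE-MAP` are hypothetical.

```cisco
! Added example: hub ASA with a fixed outside address.
! Object names are hypothetical; the key is a placeholder.

! Phase 1 (IKEv1) policy offered to every remote peer
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 enable outside

! Phase 2 transform set
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! One dynamic-map entry serves every peer whose address is not known
! in advance. No "set peer" line is configured here.
crypto dynamic-map DYN-MAP 65535 set ikev1 transform-set ESP-AES256-SHA
! Install a route to each remote network when its tunnel comes up
crypto dynamic-map DYN-MAP 65535 set reverse-route

! Reference the dynamic map from the crypto map at the highest
! sequence number, so static per-peer entries are evaluated first
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside

! Peers that match no named tunnel-group fall back to DefaultL2LGroup
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED KEY>
```

Every dynamic peer that lands on DefaultL2LGroup shares the same pre-shared key, so use a long random value and plan to rotate it on all sites if any one site is compromised. Only the remote sites can initiate these tunnels, because the hub has no peer address to dial.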
01-14-2015 10:45 AM
Hello Richard,
Thanks for your reply. I found this configuration:
!!!!!
pre-shared-key <PRE-SHARED KEY>
access-list ENCDOM-100 permit ip 172.16.1.0 255.255.255.0 10.1.100.0 255.255.255.0
01-14-2015 11:27 AM
Perhaps you will find information in these discussions that will help you understand what is needed:
https://supportforums.cisco.com/discussion/11624431/site-site-vpn-if-remote-asa-has-dynamic-ip-outside
This link has a good example of configuring an ASA to do VPN to a peer that uses a dynamic IP:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112075-dynamic-ipsec-asa-router-ccp.html
HTH
Rick
01-14-2015 12:26 PM
I am glad that my response was helpful. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify threads that have helpful information.
HTH
Rick