Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2729
Views
10
Helpful
3
Replies

How to configure a Dynamic-to-Static VPN tunnel between a Peplink (or Cradlepoint) with a dynamic IP address and an ASA with static IP

cure
Level 1
Level 1

‎04-16-2018 05:03 PM - edited ‎03-12-2019 05:12 AM

Hello,

 

I am trying to configure to configure a Dynamic-to-Static IPsec VPN tunnel between a Peplink (or Cradlepoint) with a dynamic IP address and an ASA (5540) with static IP, and is the first time using a Peplink (or Cradlepoint).

  LAN1 192.168.1.0/24-------.1ASA(static IP:1.1.1.1/24)=========(dynamic IP)Peplink-----LAN2 192.168.2.0/24

 

Can you please advise if the below config is right or if you can suggest any additional configuration:

crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400

 

crypto ikev1 enable outside


crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

 

crypto isakmp identity address 

tunnel-group <test> ipsec-attributes 

 ikev1 pre-shared-key ****

 

crypto dynamic-map <LAN2> 1001 set transform-set ESP-AES256-SHA
crypto dynamic-map <LAN2> 1001 192.168.2.0 255.2555.255.0
crypto dynamic-map <LAN2> 1001 set reverse-route

 

crypto dynamic-map <LAN3> 1002 set transform-set ESP-AES256-SHA
crypto dynamic-map <LAN3> 1002 192.168.3.0 255.2555.255.0
crypto dynamic-map <LAN3> 1002 set reverse-route

 

crypto map <global> 10 ipsec-isakmp dynamic <LAN2>
crypto map <global> 10 ipsec-isakmp dynamic <LAN3>

 

crypto map <global> interface outside

 

Labels:
0 Helpful
3 Replies 3

Francesco Molino
VIP Alumni
VIP Alumni

‎04-16-2018 08:10 PM

Hi

Don't know what's LAN3, your missing the nat for example as well.
I won't type all commands but everything is here:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119007-config-asa9x-ike-ipsec-00.html#anc11

It's straight forward. For asa, just follow the configs and everything will be fine. Adapt nat configuration using your subnets.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

cure
Level 1
Level 1
In response to Francesco Molino

‎04-18-2018 02:11 PM

Thank you for your help.

 

The LAN3 was an example for  another dynamic vpn.

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎04-17-2018 01:34 AM

That should work. Just enabled DPD high recommended
Customers Also Viewed These Support Documents