
Lan to Lan IPSec tunnel to hostname...

fdetoma
Beginner

Hi,

On an ASA firewall we need to create a LAN-to-LAN IPsec tunnel to a remote peer.

This peer is a simple third-party modem using a DDNS service, as it has a dynamic IP address.

The ASA, instead, holds a static public IP.

Using the ASA's VPN wizard or CLI, we can set the remote peer using an IP and (following the CLI command help) also a hostname...

But in every case, when using a hostname the ASA shows an error and doesn't accept "DNS Name".

We've also tried on different IOS/ASDM versions (from 8.2 to 9.1, etc.).

We've noted some bugs related to this behavior...

Any ideas on how to solve this?

 

Thanks!

 

1 Reply

felixmitonga
Beginner

Greetings fdetoma,

If I understand correctly, the challenge you have is the fact that the smaller third-party router has a dynamic IP address.

As a first step, on the ASA, try using 0.0.0.0 0.0.0.0 as the IP and SBM of the peer router in the IPsec configuration, and let me know what you get.

The meaning of the above step is basically to tell the ASA to receive a dial-in request from ANY IP address. Should that work, you now have to rely on the other security features to make that connection safe, as theoretically speaking any other router can initiate the link should they have the key.

 

Please let me know what you get!
