
Lan to Lan IPSec tunnel to hostname...

fdetoma
Level 1

Hi,

On an ASA firewall we need to create a LAN-to-LAN IPsec tunnel to a remote peer.

This peer is a simple third-party modem using a DDNS service, as it has a dynamic IP address.

The ASA, instead, holds a static public IP.

Using the ASA's VPN wizard or CLI, we can set the remote peer using an IP and (following the CLI command help) also a hostname...

But in every case, when using a hostname the ASA shows an error and doesn't accept "DNS Name".

We've also tried on different IOS/ASDM versions (from 8.2 to 9.1, etc.).

We've noted some bugs related to this behavior...

Any ideas to solve?

 

Thanks!

 


felixmitonga
Level 1

Greetings fdetoma,

If I understand well, the challenge you have is the fact that the smaller third-party router has a dynamic IP address.

As a first step, in the ASA, try and use 0.0.0.0 0.0.0.0 as IP and SBM of the peer router, in the IPsec configuration,

and let me know what you get.

The meaning of the above step is basically to tell the ASA to receive a dial-in request from ANY IP address. Should that work, you now have to rely on the other security features to make that connection safe, as theoretically speaking any other router can initiate the link should they have the key.

 

Please let me know what you get!