Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
5
Helpful
3
Replies

New L2L vpn, how does 1 point first find the remote public address?

Go to solution
jmaxwellUSAF
VIP
VIP

‎01-19-2023 08:56 AM

New L2L vpn, how does 1 point first find the remote public address,?

The 2 public endpoints must find eachother over the www, public IP addresses are assigned to new www endpoints all the time.

So, how does a new route establish in the first place?

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎01-19-2023 10:25 AM

@jmaxwellUSAF any new network would need to be advertised using a dynamic routing protocol, the other devices would route out via their default route and communicate with the new IP network.

Routing is the basic requirement to establish a VPN, so you'd use traceroute determine path and ping to determine reachability of the peer when troubleshooting.

View solution in original post

3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎01-19-2023 09:07 AM

@jmaxwellUSAF I am not really sure I understand of your question, so a guess.....

Are you referring to ASA/FTD/router with a dynamic public IP address? Therefore you do not know the public IP address to peer with?

Assuming you have 1 static IP address on the hub side, the spoke sides can have a dynamic IP address - you would create a dynamic crypto map or from ASA 9.19 (FTD 7.3) you can use a dVTI. Or if using a router use DMVPN or FlexVPN.

 

0 Helpful

Go to solution
jmaxwellUSAF
VIP
VIP
In response to Rob Ingram

‎01-19-2023 10:18 AM - edited ‎01-19-2023 10:19 AM

My question is simple-- Our organization ads and removes public IP addresses all the time. How does a vendor gain knowledge of a route to our newly assigned IP address location?

At the highest level, does the ISP actively discover new endpoints, and calculate a route through a routing protocol, then send this route through the www routing tables, so that a vendor will gain connectivity to my enterprise new public ip-address because it simply has a default gateway with an always-updating www routing table?

This is relevant knowledge when troubleshooting VPNs refusing to turn-on.

Thank you.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎01-19-2023 10:25 AM

@jmaxwellUSAF any new network would need to be advertised using a dynamic routing protocol, the other devices would route out via their default route and communicate with the new IP network.

Routing is the basic requirement to establish a VPN, so you'd use traceroute determine path and ping to determine reachability of the peer when troubleshooting.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents