New L2L vpn, how does 1 point first find the remote public address?

The 2 public endpoints must find each other over the www; public IP addresses are assigned to new www endpoints all the time.

So, how does a new route establish in the first place?

Thank you.

1 Accepted Solution

@jmaxwellUSAF any new network would need to be advertised using a dynamic routing protocol, the other devices would route out via their default route and communicate with the new IP network.

Routing is the basic requirement to establish a VPN, so you'd use traceroute to determine the path and ping to determine reachability of the peer when troubleshooting.

3 Replies

@jmaxwellUSAF I am not really sure I understand your question, so a guess...

Are you referring to ASA/FTD/router with a dynamic public IP address? Therefore you do not know the public IP address to peer with?

Assuming you have 1 static IP address on the hub side, the spoke sides can have a dynamic IP address - you would create a dynamic crypto map or, from ASA 9.19 (FTD 7.3), you can use a dVTI. Or, if using a router, use DMVPN or FlexVPN.

My question is simple-- Our organization adds and removes public IP addresses all the time. How does a vendor gain knowledge of a route to our newly assigned IP address location?

At the highest level, does the ISP actively discover new endpoints, and calculate a route through a routing protocol, then send this route through the www routing tables, so that a vendor will gain connectivity to my enterprise's new public IP address because it simply has a default gateway with an always-updating www routing table?

This is relevant knowledge when troubleshooting VPNs refusing to turn on.

Thank you.
