cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1561
Views
0
Helpful
2
Replies

Site 2 Site VPN between ASA & SSG firewalls with one end with dynamic IP address

nsss
Level 1
Level 1

I am trying to setup a site to site VPN between ASA 5510 and SSG 140 firewall. ASA end of the VPN is having dynamic public IP address.  I tried sending hostname as peer identity on ASA  by changing the IKE parameter setting but SSG somehow is not able to match the hostname of remote peer and reporting remote as unrecognized peer. Does someone has experience in setting up site 2 site VPN in similar setup?

2 Replies 2

otillig
Level 1
Level 1

Hello,

we do it with an dyndns account name and you have to use agressive mode.

scarlato63
Level 1
Level 1

Hi There, first of all. the system keeps returning back with the message that the outside going interface is 0/0.

We have a Trust-VR and within is the : eth0/0-Trust; Eth0/2-Untrust; Eth0/1-DMZ; Eth0/4-Vlan; Eth0/6-0/8-BCS

I have a Tunnel1 interface and need to create MIP`s but now have the problem that the SSG-140 says that outside going interface is 0/0. Do I create the MIP`s on different interface or on the Trust-Eth0/0?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: