Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5485
Views
0
Helpful
32
Replies

site to site between ASA 5510 (8.4(2)) w/ static IP and Dlink DIR130 w/ dynamic IP.

Go to solution
sean.a.murphy
Level 1
Level 1

‎07-18-2012 05:05 AM

I'm trying to set up a site to site VPN link between the ASA5510 that we use exclusively as a VPN endpoint on campus and a D-Link DIR130 VPN Router off campus, at a local business with a dynamically assigned IP.  We currently use the ASA for remote access users who use the Cisco VPN client on mobile devices, as well as for a single site to site link to our telecom provider for the purposes of monitoring telecom equipment remotely.

We are looking for a way to cheaply deploy secure VPN connections to local businesses to allow them to use point of sale devices which connect back to systems on campus, so students can use their meal cards at local restaurants, similarly to how they use them at the on-campus cafeteria.

I have experience configuring Cisco switches, APs and routers, but this ASA device absolutely baffles me.  I've futzed around with the ASDM 6.4 gui config and tried to match up configurations between the DIR130 and the ASA, but I can never get a VPN connection to come up.  Anyone who can point me to an example, or provide me with help on this would be appreciated.  I've google searched and found very little that, with my limited experience in ASA configuration, I can apply to my scenario.

Labels:
0 Helpful
32 Replies 32

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to sean.a.murphy

‎07-19-2012 07:24 AM

Yup, absolutely correct commands.

0 Helpful

Go to solution
sean.a.murphy
Level 1
Level 1
In response to Jennifer Halim

‎07-19-2012 07:26 AM

Thanks. Didn't mean to doubt you!

Its up and waiting again.  I'll let it sit to ensure it stays up this time.  Would the ping I set up have to be continuous, or would a ping every 30 minutes be sufficient to keep the connection alive?

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to sean.a.murphy

‎07-19-2012 07:29 AM

I would do every 5 minutes instead of 30 minutes because rekey typically happens before the lifetime expires, and if you do 30 minutes, it would be too long and it might expire before you have a chance to keep the tunnel alive.

0 Helpful
Customers Also Viewed These Support Documents