Site to Site IPSEC vpn with FQDN on both ends

amelchiors
Level 1

Hello!

I'm wondering if anyone can shed some light on this situation. Our setup is an ASA5540 that maintains split-tunnel VPNs to our clients in a hub and spoke configuration. We have our outside address set up with a FQDN and many of our customers use that FQDN resolved by DNS for their remote gateway address. In the event of a failover we will change the DNS record to the address of our failover site. I had some questions posed to me today that I frankly have never thought about and don't have any experience with. Any help or insight would be appreciated.

I am exploring the use of fully qualified domain names (FQDN) rather than fixed IP addresses for defining the VPN tunnels. These FQDNs will likely be derived from and updated with a Dynamic DNS (DDNS) service.

Additionally, there is a service provider proposal under consideration whose Internet offering would likely require the ability for the IPSEC VPN tunnels to be established and operated across a 1:1 NAT environment between the public side of our VPN appliances and the actual Internet portal.

Before we get too far into this, I wanted to check with you to determine what, if any, issues or limitations on your ability to accommodate either or both of these operational modifications.

Thanks for looking at this and again, any help or a point in the right direction would be appreciated!!
