Hello!
I'm wondering if anyone can shed some light on this situation. Our setup is an ASA5540 that maintains split-tunnel VPNs to our clients in a hub and spoke configuration. We have our outside address set up with a FQDN and many of our customers use that FQDN resolved by DNS for their remote gateway address. In the event of a failover we will change the DNS record to the address of our failover site. I had some questions posed to me today that I frankly have never thought about and don't have any experience with. Any help or insight would be appreciated.
I am exploring the use of fully qualified domain names (FQDN) rather than fixed IP addresses for defining the VPN tunnels. These FQDNs will likely be derived from and updated with a Dynamic DNS (DDNS) service.
Additionally, there is a service provider proposal under consideration whose Internet offering would likely require the ability for the IPSEC VPN tunnels to be established and operated across a 1:1 NAT environment between the public side of our VPN appliances and the actual Internet portal.
Before we get too far into this, I wanted to check with you to determine what, if any, issues or limitations there are on your ability to accommodate either or both of these operational modifications.
Thanks for looking at this and again, any help or a point in the right direction would be appreciated!!