10-05-2012 03:13 AM
Hi,
I always try to find the right commands for the Dynamic VPN at a Site-to-Site VPN.
I found something about the set peer command, but is that the right thing for what I want to do?
Static IP on both ASA (asa5505 and asa5510):
crypto map outside_map 1 set peer 192.168.178.230 <== That is for a static if I know the IP
One Static (asa5510) and one dynamic (asa5505) IP:
crypto map outside_map 1 set peer asa5505 dynamic default <== Is that the right set peer
if the remote ASA is called asa5505 and it has a dynamic IP address?
Regards,
Hans-Juergen Guenter
10-05-2012 03:34 AM
Here is a sample configuration between static and dynamic VPN peer address:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml
For a dynamic-to-static VPN tunnel, the dynamic end needs to initiate the connection towards the static end. Because the dynamic end changes IP all the time, the static end would not know what the IP is, hence the dynamic end needs to initiate the connection towards the static end to bring up the VPN tunnel.
10-05-2012 03:44 AM
I saw that configuration, but sorry, I didn't find only the things I need.
There are too many commands I don't need.
crypto dynamic-map cisco 1 set transform-set myset
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
Are those the commands for the crypto map at the static site? Don't I need a
set peer command?
Regards,
Hans-Juergen Guenter
10-05-2012 04:01 AM
Yes, you do need the above 3 lines in the configuration. Those are required on the static end to accept connections from the dynamic peer.
You don't need the "set peer" command as you don't have a static IP address for the dynamic end.
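The two ends described in the replies above, side by side, as an added example that is not part of the thread or of the linked Cisco sample. It assumes the pre-8.4 ASA syntax used in the thread; the address 203.0.113.10, the inside networks, the ACL name vpn_acl and the transform-set and ISAKMP policy contents are constructed placeholders, and NAT exemption and routing are not shown.

```cisco
! ===== Static end (asa5510): only accepts the tunnel, no "set peer" =====
crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
! L2L peers whose source address matches no named tunnel-group
! are handled by DefaultL2LGroup, so the key is set there.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY-PLACEHOLDER>

! ===== Dynamic end (asa5505): initiates, so it does use "set peer" =====
! 203.0.113.10 stands for the static end's public address (constructed).
! 10.2.2.0/24 = local inside network, 10.1.1.0/24 = remote (constructed).
access-list vpn_acl extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 1 match address vpn_acl
crypto map outside_map 1 set peer 203.0.113.10
crypto map outside_map 1 set transform-set myset
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY-PLACEHOLDER>
```

Because the dynamic map accepts peers from any source address, the DefaultL2LGroup pre-shared key is what authenticates them, so it should be long and random. Interesting traffic from the asa5505 side has to bring the tunnel up, which `show crypto isakmp sa` on either end confirms.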
06-10-2016 07:09 AM
I have one ASA5550 firewall in our office environment, from which a static Site-to-Site IPsec VPN is configured. Now I want to create a dynamic IPsec Site-to-Site VPN from the same box.
I wanted to know whether my ASA box will support static and dynamic Site-to-Site VPN at the same time. If yes, is there any command we need to enter to enable both static and dynamic IPsec Site-to-Site VPN at the same time?
As of now I have only one Internet-facing interface on my ASA, on which the static Site-to-Site VPN is configured. If that box supports both flavours of IPsec VPN, can I use the same public interface for both tunnels, or do I need to create a separate public interface on the ASA?