11-02-2020 09:02 AM
I have two sites right now: local site has an ASA 5505 and remote site has a Dray-Tek Vigor 2133 series router with a DDNS from dnsalias configured on it. My question is: Is it possible to configure our ASA to build a S2S tunnel using the Draytek's DDNS? I built a tunnel using ASDM but that does not allow a host name, only IP. The tunnel is currently built using the IP of the Draytek but the IP on the DT side is changing more and more frequently. Any help would be greatly appreciated.
11-02-2020 09:10 AM
Never used Draytek VPN with ASA (Draytek used for FW).
Is ASA has static IP and Draytek has dynamic IP - not sure what option you use in Draytek.
Check example:
https://blog.danmassey.net/cisco-asa-site-to-site-vpn-with-dynamic-ip-addresses/
11-02-2020 09:34 AM
The Draytek has a DDNS configured and the ASA has a static IP. I want to try to construct the tunnel using the DDNS so the Draytek side doesn't have to get a static IP. The Draytek side is working fine, I just cannot find an option on the ASA side to build the tunnel using a DDNS name rather than just an IP.
11-02-2020 10:04 AM
Why not have the Draytek initiate the tunnel all the time, since the ASA has a static IP? Like any EZY VPN style?
11-11-2020 09:00 AM
I would like to do this, but how would I configure the ASA to allow that?
11-02-2020 10:53 AM
In contrast to the IOS-router, there is no dynamic peer name resolution on the ASA for VPNs. As already mentioned, let the spoke initiate the connection and the ASA respond. Keep in mind that using wildcard PSKs is not a best practice and should be avoided. Using digital certificates is the way to go in this scenario.
11-06-2020 10:38 AM
Sorry for the n00b question, but how would I do that on the ASA side?
11-02-2020 02:56 PM
ASA-Draytek
Under the ASA, config a dynamic map.
A dynamic map doesn't need the IP of the other peer ("other side of tunnel").
NOTE: this config makes only the Draytek initiate traffic; the ASA cannot initiate the traffic.
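What the dynamic-map approach described in this post could look like on the ASA, as an added example that is not from any poster in the thread. It assumes ASA software 8.4 or later with IKEv1, interfaces named inside and outside, and constructed object names and subnets; the pre-shared key is a placeholder.

```cisco
! Added example. Assumed: ASA 8.4+ syntax, interfaces "inside"/"outside",
! constructed subnets and names. Proposals must match the Draytek profile.

object network LOCAL-LAN
 subnet 192.168.10.0 255.255.255.0
object network DRAYTEK-LAN
 subnet 192.168.20.0 255.255.255.0

! Exempt site-to-site traffic from NAT
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static DRAYTEK-LAN DRAYTEK-LAN no-proxy-arp route-lookup

! Phase 1 (IKEv1)
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 enable outside

! Phase 2
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Dynamic map entry: there is no "set peer" line, so the remote
! address does not have to be known in advance
access-list DRAYTEK-TRAFFIC extended permit ip object LOCAL-LAN object DRAYTEK-LAN
crypto dynamic-map DRAYTEK-DYN 10 match address DRAYTEK-TRAFFIC
crypto dynamic-map DRAYTEK-DYN 10 set ikev1 transform-set ESP-AES256-SHA

! Reference the dynamic map from the crypto map on the outside interface.
! Only one crypto map can be bound per interface: if ASDM already created
! one, add the dynamic entry to that map under its existing name, and
! remove the old static entry that points at the Draytek's IP.
! Sequence 65535 keeps static peers evaluated first.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DRAYTEK-DYN
crypto map OUTSIDE-MAP interface outside

! L2L peers whose address matches no named tunnel-group land here
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key <REPLACE-WITH-LONG-RANDOM-KEY>
```

The key under DefaultL2LGroup is accepted from any peer with an unknown address, which is the wildcard PSK an earlier reply in this thread advises against; certificate authentication, as recommended there, removes that shared secret.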
11-02-2020 05:28 PM
ASA-Draytek
Another solution, if this is available in Draytek: yes, VTI in ASA and use hostname as tunnel destination.
Check this solution.