Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6824
Views
0
Helpful
6
Replies

Site-to-Site VPN with DynDns

prabhatrahul
Level 1
Level 1

‎06-24-2015 07:15 AM

Hi,

I am planning to implement Site to Site VPN  with two ASA 5505.

But before purchasing i just want to know that, whether it is possible to configure site to site vpn  with two dyndns address one on each location.

 

Thanks & Regards,

Prabhat

1 person had this problem
Labels:
0 Helpful
6 Replies 6

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎06-28-2015 04:34 AM

Hi ,

ASA supports only RFC compliant method for updates used with dynamic DNS , not HTTP updates , like dyndns.org and others use.
i.e. https://tools.cisco.com/bugsearch/bug/CSCsk25102/?reffering_site=dumpcr

On ASA , it is not possible to configure tunnel between two dynamic peers.
You will need to have one static end to configure static to dynamic IP.

For routers , you can follow this link.
Hope this helps.
 

Regards,
Dinesh Moudgil

 

P.S. Please rate helpful posts.

 

 

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful

rizwanr74
Level 7
Level 7

‎06-30-2015 12:08 PM

Hi prabhatrahul,

 

Yes you can use dyndns FQDN names in the tunnel, as your tunnel peer address.

 

object network obj-hr88.cisco.com 
 fqdn hr88.cisco.com

 


dns domain-lookup inside 
dns server-group DefaultDNS
 name-server 192.168.1.200 
 domain-name cisco.com 

 

https://supportforums.cisco.com/document/66011/using-hostnames-dns-access-lists-configuration-steps-caveats-and-troubleshooting

 

Make sure to point your ASA to internal DNS server.

 

thanks.

 

0 Helpful

prabhatrahul
Level 1
Level 1
In response to rizwanr74

‎07-01-2015 01:42 AM

Hi rizwan,

I am using ASDM to configure site to site VPN wizard, under Peer IP Address i am using abc.dyndns.org than click next i am getting error message as: Cannot interpret the IP Address:abc.dyndns.org.

Any solution ?

 

Thanks 

0 Helpful

rizwanr74
Level 7
Level 7
In response to prabhatrahul

‎07-01-2015 10:00 PM

Have you created the FQDN object before use it?

 

0 Helpful

prabhatrahul
Level 1
Level 1
In response to rizwanr74

‎07-02-2015 12:09 AM

Yes, i created FQDN and it is resolving successfully:

ciscoasa(config)# show dns
Name: abc.dyndns.org
  Address: 123.123.123.123                                     TTL 00:01:50

but still from ASDM, peer IP Address: abc.dyndns.org and  VPN Access Interface: outside

getting same error "cannot interpret the ip address:abc.dyndns.org".

 

0 Helpful

rizwanr74
Level 7
Level 7
In response to prabhatrahul

‎07-02-2015 08:19 AM

Hi Prabhatrahul,

 

It is a bug on ASA, there is no fix aviable yet, you might want to read below.

 

https://tools.cisco.com/bugsearch/bug/CSCus37350

 

Thanks

 

0 Helpful
Customers Also Viewed These Support Documents