
Site-to-site VPN with remote site using dynamic DNS

ABaker94985

I've seen a lot of articles on this, but folks usually resort to using dynamic policies. I'd like to use the dynamic info in the crypto map statement if possible.

 

The following shows a hostname can be used:

my-asa(config)# crypto map OUTSIDE_map 10 set peer ?

configure mode commands/options:
Hostname or A.B.C.D IP address
Hostname or X:X:X:X::X IPv6 address

 

I've created an object for this:

object network obj-dyn-site
fqdn dyn-site.dynamic-m.com

 

When I apply this to the crypto map statement, the following occurs:

my-asa(config)# crypto map OUTSIDE_map 10 set peer obj-dyn-site 

                                                                                       ^
ERROR: % Invalid Hostname

 

I don't see any relatively current configurations that use this syntax, and the only articles that do are dated mid-2000s.

 

Thanks

 

Accepted Solutions

@ABaker94985 

This probably wasn't the answer you wanted, but you statically define the name using the command name <ip address> <name> and then reference it in the crypto map. So you cannot use an FQDN object.

 

ASA5515(config)# show run name
name 1.1.1.1 TEST
ASA5515(config)# show run crypto map
crypto map CMAP 1 set peer TEST


2 Replies

You're correct - it wasn't the answer I wanted. I'll create a dynamic map for this then. The firewall has a backup link through a Cradlepoint that will be dynamic. I appreciate the answer.