Dynamic IP l2l VPN with Cisco ASA?

To PIX OS and IOS/VPN gurus:

I need to configure a LAN-to-LAN VPN with a peer that uses a dynamic IP (a SonicWall in this case). I am Cisco on our end but cannot figure out how to tell the Cisco to accept the remote peer without knowing its IP. I thought we could use a FQDN and DynamicDNS service, but the set peer hostname refers to something you named using "name" -- no good for my needs.

The ASA I am testing with is placing the IKE traffic onto the DefaultRAGroup, not the ipsec-l2l group I want to connect with. I can use a router if IOS has a way to do this that PIX OS lacks.

Do I need to use a CA for this? If so, can the ASA act as the CA for the request?

Many thanks in advance.

Shawn

Reply to
swesterhoff

Addition: Usually I would use the VPNCLIENT command if the remote peer was a Cisco, using parts of EasyVPN. We are using a SonicWall TZ190 as we need the built-in Sprint CDMA wireless and I could not find a Cisco device that would do that. We may deploy a Cisco PIX 501 inside the SonicWall LAN and use that with VPNCLIENT, but I thought that approach is a bit hardware wasteful.

Shawn

Reply to
Shawn Westerhoff

dynamic crypto map ?

see

formatting link

Reply to
Merv

The DefaultL2LGroup is not engaging, the inbound connection is using DefaultRAGroup.

Help?

Reply to
Shawn Westerhoff

Shawn,

Have a look at this.

formatting link
The example above includes both a LAN to LAN VPN between a SonicWall and a PIX + dynamic connection from a SonicWall to PIX.

Whilst you wanted it to an ASA you should be able to re-work the config to fit your needs.

Regards

Darren

Reply to
Darren Green
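
What the "dynamic crypto map" suggestion in this thread can look like on an ASA, as an added example that is not from any poster here or from the linked pages. It assumes ASA/PIX 7.2 to 8.2 command syntax and IKEv1 with a pre-shared key; the map names, ACL name, subnets and key are constructed placeholders.

```cisco
! Added example: constructed names, subnets and key; ASA/PIX 7.2-8.2 syntax assumed.

! Phase 1 policy. The remote SonicWall's proposal has to match it.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

! Phase 2 transform set.
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac

! Local LAN 192.168.1.0/24 to remote LAN 192.168.2.0/24 (both assumed).
access-list L2L-REMOTE extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

! Exempt the tunnel traffic from NAT (pre-8.3 syntax).
nat (inside) 0 access-list L2L-REMOTE

! Dynamic map entry: there is no "set peer", so the peer address need not be known.
! "match address" limits an unknown peer to the one expected subnet pair.
crypto dynamic-map DYN-L2L 10 match address L2L-REMOTE
crypto dynamic-map DYN-L2L 10 set transform-set ESP-AES-SHA

! Attach the dynamic map at the highest sequence number so that any
! static-peer entries in the same crypto map are evaluated first.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-L2L
crypto map OUTSIDE-MAP interface outside

! DefaultL2LGroup is the built-in fallback tunnel group for LAN-to-LAN
! peers that match no named tunnel group.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <REPLACE-WITH-LONG-RANDOM-KEY>

! Check the resulting security associations:
! show crypto isakmp sa
! show crypto ipsec sa
```

Every dynamic peer that uses DefaultL2LGroup authenticates with the same key, so it is a shared secret for the whole group and should be long and random; certificate authentication avoids sharing one key across peers.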
