Dynamic IP l2l VPN with Cisco ASA?

Discussion in 'Cisco' started by swesterhoff, Nov 7, 2007.

  1. swesterhoff

    swesterhoff Guest

    To PIX OS and IOS/VPN gurus:

    I need to configure a LAN-to-LAN VPN with a peer that uses a dynamic
    IP (a SonicWall in this case). I am Cisco on our end but cannot
    figure out how to tell the Cisco to accept the remote peer without
    knowing its IP. I thought we could use a FQDN and DynamicDNS service,
    but the set peer hostname refers to something you named using "name"
    -- no good for my needs.

    The ASA I am testing with is placing the IKE traffic onto the
    DefaultRAGroup, not the ipsec-l2l group I want to connect with. I can
    use a router if IOS has a way to do this that PIX OS lacks.

    Do I need to use a CA for this? If so, can the ASA act as the CA for
    the request?

    Many thanks in advance.

    swesterhoff, Nov 7, 2007

  2. Addition: Usually I would use the VPNCLIENT command if the remote peer was
    a Cisco, using parts of EasyVPN. We are using a SonicWall TZ190 as we
    need the built-in Sprint CDMA wireless and I could not find a Cisco
    device that would do that. We may deploy a Cisco PIX 501 inside the
    SonicWall LAN and use that with VPNCLIENT but I thought that approach
    is a bit hardware wasteful.

    Shawn Westerhoff, Nov 7, 2007

  3. swesterhoff

    Merv Guest

  4. The DefaultL2LGroup is not engaging, the inbound connection is using

    Shawn Westerhoff, Nov 8, 2007
  5. swesterhoff

    Darren Green Guest


    Have a look at this.


    The example above includes both a LAN to LAN VPN between a SonicWall
    and a PIX + dynamic connection from a SonicWall to PIX.

    Whilst you wanted it to an ASA you should be able to re-work the
    config to fit your needs.


    Darren Green, Nov 9, 2007
