No announcement yet.

Cisco ASA 5505 - IP Sec Tunnel with dynamic IP

  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco ASA 5505 - IP Sec Tunnel with dynamic IP


    We have a Cisco ASA 5505 at our main office. In our orginistaion we have 4 remote offices that connect into our main office using LAN to LAN IP-Sec. The remote offices use a range of devices from Netgear to Cradlepoint and have been working perfectly for the past 1 year.

    Until recently all our remote offices had static IP. Now we are faced with not being able to have static IP anymore which is causing us issues with the VPN. What we are having to do is manually update the ASA5505 each time the router at the other office goes off line or the ISP issues a new IP address which is not practicle.

    What I would like to know is how can we update our ASA 5505 with the public IP numbers from our remote sites using a DDNS service like DYNDNS for example. We have reseacched and looked but can't find much on this subject.

    If someone can help here that would be great or if there are any other suggestions to get us around this issue.



  • #2
    Re: Cisco ASA 5505 - IP Sec Tunnel with dynamic IP

    DDNS might work for the problem you describe, but I have never tried this solution.

    I solved this problem by cofiguring a dynamic crypto map and tunnel-group on the ASA for all my DHCP assigned L2L tunnel peers.

    The following link should help get you started in the right direction on configuring the ASA to accept dynamic L2L requests.
    Last edited by scowles; 10th August 2011, 13:40.