nainasipra
asked on
Site-to-Site VPN
Dear Experts,
i want to configure Site to site ipsec vpn with dynamic ip on one end??
Scenario:
Site1(ASA5505 with static ip leased line)
Site2(Cisco2601 with dynamic DSL connection)
I am using already EZVPN connection but every time my cisco2601 router restart, i have to login router and enter "crypto ipsec client ezvpn ..." type commands.
Please help me to confiure Site to Site vpn that one no need to do anything manually after router or ASA restart.
Thanks,
i want to configure Site to site ipsec vpn with dynamic ip on one end??
Scenario:
Site1(ASA5505 with static ip leased line)
Site2(Cisco2601 with dynamic DSL connection)
I am using already EZVPN connection but every time my cisco2601 router restart, i have to login router and enter "crypto ipsec client ezvpn ..." type commands.
Please help me to confiure Site to Site vpn that one no need to do anything manually after router or ASA restart.
Thanks,
Kash
well first thing you need to do is fix the IP address I presume.
site to site vpn will work without a static IP (but only on one side), but it forces the dynamic IP side to "dial in" to the other one so it has to initiate the tunnel.
for some reason I'm thinking if you have to re-type the commands again you didn't save the commands. after you type them all in did you run one of hte following
copy run start
or
wr mem
if you're not saving the running config to the startup config, any changes since last start config save will be lost and you'll have to re-put them back in
edit: actually you most likely can have both sides be dynamic but it requires the use of DNS and DynDNS auto-registrations then. I'm not 100% on that though as I've never tried that.
for some reason I'm thinking if you have to re-type the commands again you didn't save the commands. after you type them all in did you run one of hte following
copy run start
or
wr mem
if you're not saving the running config to the startup config, any changes since last start config save will be lost and you'll have to re-put them back in
edit: actually you most likely can have both sides be dynamic but it requires the use of DNS and DynDNS auto-registrations then. I'm not 100% on that though as I've never tried that.
I have site to site tunnels to clients in my home office using a Cisco RV042G router. The clients have static external IP addresses. My IP is dynamic.
There are two ways to do this (excluding upgrading to a static IP).
1. Go with an Internet Supplier that offers stable IP addressing. My IP changes about once every 2 years and I can manage it.
2. Get DynDNS (dyndns.org) for the dynamic location. This presents a static IP to the outside world and allows the site IP to change dynamically. This works as well.
... Thinkpads_User
There are two ways to do this (excluding upgrading to a static IP).
1. Go with an Internet Supplier that offers stable IP addressing. My IP changes about once every 2 years and I can manage it.
2. Get DynDNS (dyndns.org) for the dynamic location. This presents a static IP to the outside world and allows the site IP to change dynamically. This works as well.
... Thinkpads_User
ASKER
Easy VPN:
site1(ASA5505) ------------to-----------S
every time my router restart on site 2, i have to enter following commands:
" Pending XAuth Request, Please enter the
following command: crypto ipsec client ezvpn xauth
crypto ipsec client ezvpn xauth
Enter Username:
Password:
"
Please help me to configure that my VPN will reconnect automatically after router restart.
thanks,
site1(ASA5505) ------------to-----------S
every time my router restart on site 2, i have to enter following commands:
" Pending XAuth Request, Please enter the
following command: crypto ipsec client ezvpn xauth
crypto ipsec client ezvpn xauth
Enter Username:
Password:
"
Please help me to configure that my VPN will reconnect automatically after router restart.
thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
on my router config is like this:
crypto ipsec client ezvpn ezvpnvillage
connect auto
group DefaultRAGroup key village
mode network-extension
peer "my public ip"
xauth userid mode interactive
i am not using username and password, if i have to use which username password should i use?
thanks
crypto ipsec client ezvpn ezvpnvillage
connect auto
group DefaultRAGroup key village
mode network-extension
peer "my public ip"
xauth userid mode interactive
i am not using username and password, if i have to use which username password should i use?
thanks
These should be the steps, if you don't have them:
1. You need to define the username and password on the ASA.
2. On the 2601 use the name and password in 1 under the crypto configs
crypto ipsec client ezvpn ezvpnvillage
connect auto
group DefaultRAGroup key village
mode network-extension
peer "my public ip"
name "use username defined on the server" password "use password on defined on the server"
1. You need to define the username and password on the ASA.
2. On the 2601 use the name and password in 1 under the crypto configs
crypto ipsec client ezvpn ezvpnvillage
connect auto
group DefaultRAGroup key village
mode network-extension
peer "my public ip"
name "use username defined on the server" password "use password on defined on the server"