Solved

Site-to-Site VPN

Posted on 2013-05-17
Last Modified: 2013-05-26
Dear Experts,

I want to configure a site-to-site IPsec VPN with a dynamic IP on one end.

Scenario:

Site1(ASA5505 with static ip leased line)
Site2(Cisco2601 with dynamic DSL connection)

I am already using an EZVPN connection, but every time my Cisco 2601 router restarts, I have to log in to the router and enter "crypto ipsec client ezvpn ..." type commands.

Please help me to configure a site-to-site VPN so that no one needs to do anything manually after a router or ASA restart.

Thanks,
Question by:nainasipra
7 Comments
 
LVL 19

Expert Comment

by:Kash
ID: 39174287
Well, the first thing you need to do is fix the IP address, I presume.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39174484
site to site vpn will work without a static IP (but only on one side), but it forces the dynamic IP side to "dial in" to the other one so it has to initiate the tunnel.

for some reason I'm thinking if you have to re-type the commands again you didn't save the commands. after you type them all in did you run one of the following

copy run start
or
wr mem

if you're not saving the running config to the startup config, any changes since last start config save will be lost and you'll have to re-put them back in

edit:  actually you most likely can have both sides be dynamic but it requires the use of DNS and DynDNS auto-registrations then.  I'm not 100% on that though as I've never tried that.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 39174713
I have site to site tunnels to clients in my home office using a Cisco RV042G router. The clients have static external IP addresses. My IP is dynamic.

There are two ways to do this (excluding upgrading to a static IP).

1. Go with an Internet Supplier that offers stable IP addressing. My IP changes about once every 2 years and I can manage it.

2. Get DynDNS (dyndns.org) for the dynamic location. This presents a static IP to the outside world and allows the site IP to change dynamically. This works as well.

... Thinkpads_User
0

Author Comment

by:nainasipra
ID: 39176684
Easy VPN:

site1(ASA5505) ------------to-----------Site2(cisco2801)

Every time my router restarts on site 2, I have to enter the following commands:

" Pending XAuth Request, Please enter the
       following command: crypto ipsec client ezvpn xauth

crypto ipsec client ezvpn xauth
Enter Username:
Password:
"
Please help me to configure it so that my VPN will reconnect automatically after a router restart.

thanks,
0
 
LVL 11

Accepted Solution

by:
naderz earned 500 total points
ID: 39176831
You need to have the username and password configured. Can you post a scrubbed copy of the configs?

You should have something like:

crypto ipsec client ezvpn "some_name"
 connect auto
 group "your_group_name" key mykey
 mode client
 peer "peer address"
 username "name" password "password"
 xauth userid mode local
0
 

Author Comment

by:nainasipra
ID: 39177061
On my router the config is like this:

crypto ipsec client ezvpn ezvpnvillage
 connect auto
 group DefaultRAGroup key village
 mode network-extension
 peer "my public ip"
 xauth userid mode interactive

I am not using a username and password; if I have to use them, which username and password should I use?

thanks
0
 
LVL 11

Expert Comment

by:naderz
ID: 39179447
These should be the steps, if you don't have them:

1. You need to define the username and password on the ASA.

2. On the 2601 use the name and password in 1 under the crypto configs

crypto ipsec client ezvpn ezvpnvillage
 connect auto
 group DefaultRAGroup key village
 mode network-extension
 peer "my public ip"
 username "use username defined on the server" password "use password defined on the server"
0
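
An added example, not code from anyone in this thread: a Python check that reads a "crypto ipsec client ezvpn" block and reports which items from the accepted answer's template are missing for an unattended reconnect, plus a scrub helper for sharing a config as requested above. The peer address, username and password are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed input: the asker's profile from the thread; the peer is a documentation address.
ASKER = """crypto ipsec client ezvpn ezvpnvillage
 connect auto
 group DefaultRAGroup key village
 mode network-extension
 peer 203.0.113.10
 xauth userid mode interactive
"""
# The same profile after applying the accepted answer (username/password are placeholders).
FIXED = ASKER.replace(" xauth userid mode interactive\n",
                      " username site2 password Example-Pass\n xauth userid mode local\n")

def parse_profiles(text):
    """Map each 'crypto ipsec client ezvpn <name>' block to its list of subcommands."""
    profiles, current = {}, None
    for line in text.splitlines():
        head = re.match(r"crypto ipsec client ezvpn (\S+)\s*$", line)
        if head:
            current = profiles.setdefault(head.group(1), [])
        elif current is not None and line[:1] == " " and line.strip():
            current.append(line.strip())
        else:
            current = None  # a non-indented or blank line closes the block
    return profiles

def manual_steps(subcommands):
    """Reasons the profile would wait for an operator after a reload."""
    reasons = []
    if "connect auto" not in subcommands:
        reasons.append("connect auto missing")
    if not any(re.match(r"username \S+ password \S", c) for c in subcommands):
        reasons.append("no stored username/password for XAUTH")
    if "xauth userid mode local" not in subcommands:
        reasons.append("xauth userid mode is not local")
    return reasons

def scrub(text):
    """Redact group key, XAUTH password and peer before sharing a config."""
    text = re.sub(r"^(\s*group \S+ key )\S+", r"\1<removed>", text, flags=re.M)
    text = re.sub(r"^(\s*username \S+ password (?:[0-9] )?)\S+", r"\1<removed>", text, flags=re.M)
    return re.sub(r"^(\s*peer )\S+", r"\1<removed>", text, flags=re.M)

if __name__ == "__main__":
    for label, cfg in (("asker", ASKER), ("fixed", FIXED)):
        for name, cmds in parse_profiles(cfg).items():
            print(label, name, manual_steps(cmds) or "reconnects unattended")
    print(scrub(FIXED))
```

Once the XAUTH password is stored, the saved configuration holds both it and the group key, so config backups need the same handling as any other credential.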
