Dynamic to static L2L IPSec tunnel - ASA / IOS - Select different group

I have an IOS router with a dynamic IP that I need to have connect to a static ASA for a L2L IPSec tunnel. Config is okay but I need to have this tunnel not land on the DefaultL2LGroup policy. I have seen some mention of the need to use certificates for this to work but I'm having trouble finding a good walkthrough. I need to set up the dynamic side (Cisco IOS router) to somehow let the static side (Cisco ASA) know that this connection needs to be addressed by a different group other than the default.

Thanks!
farroarAsked:
Who is Participating?
 
Henk van AchterbergConnect With a Mentor Sr. Technical ConsultantCommented:
Use EZVPN with NEM!

http://www.alfredtong.com/cisco/cisco-ezvpn-cisco-asa-and-ios-router/

I have used this with an ASA 5510 which was on the main office and the vpn client was a CISCO881GW-GN-E-K9 which was roaming around in different countries with different sim cards (and thus ip addresses).

I hope the URL will get you going, if not please let us know!
0
 
farroarAuthor Commented:
Thanks for the Link! Seems to be exactly what I need but it doesn't seem to be working. Let me play with it for a bit and get back to you. One thing to note.. the ASA already has many VPNs dynamic and L2L terminating to it. I just need to make sure none of the adjustments I make are global. They can only address this one connection.
0
 
farroarAuthor Commented:
Good link. It got me going in the right direction. Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.