Solved

Dynamic to static L2L IPSec tunnel - ASA / IOS - Select different group

Posted on 2013-11-06
3
807 Views
Last Modified: 2013-11-26
I have an IOS router with a dynamic IP that I need to have connect to a static ASA for a L2L IPSec tunnel. Config is okay but I need to have this tunnel not land on the DefaultL2LGroup policy. I have seen some mention of the need to use certificates for this to work but I'm having trouble finding a good walkthrough. I need to set up the dynamic side (Cisco IOS router) to somehow let the static side (Cisco ASA) know that this connection needs to be addressed by a different group other than the default.

Thanks!
0
Comment
Question by:farroar
  • 2
3 Comments
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
ID: 39631647
Use EZVPN with NEM!

http://www.alfredtong.com/cisco/cisco-ezvpn-cisco-asa-and-ios-router/

I have used this with an ASA 5510 which was on the main office and the vpn client was a CISCO881GW-GN-E-K9 which was roaming around in different countries with different sim cards (and thus ip addresses).

I hope the URL will get you going, if not please let us know!
0
 

Author Comment

by:farroar
ID: 39637032
Thanks for the Link! Seems to be exactly what I need but it doesn't seem to be working. Let me play with it for a bit and get back to you. One thing to note.. the ASA already has many VPNs dynamic and L2L terminating to it. I just need to make sure none of the adjustments I make are global. They can only address this one connection.
0
 

Author Closing Comment

by:farroar
ID: 39679742
Good link. It got me going in the right direction. Thanks!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
using BGP Attributes 2 83
Help with ASA config smtp traffic 10 38
Viber-Only Restriction 6 43
Install SSL certificate on Cisco ASA 5506 6 23
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now