Cisco ASA Dynamic VPN
Posted on 2014-03-18
I am wondering if anybody has come up up with a cleaver solution to this problem?
1. We have a main HUB with ~35 VPNs to different customers.
2. We have one customer who have a Cisco ASA behind an ADSL router with dynamic IP so we must configure it with a dynamic VPN cryptomap in our HUB.
3. VPN is IPSec Site to Site
4. Tunnel work just fine.
The problem is rather that the tunnel is not setup automatically, it requires "interesting traffic" to pass before the tunnel is established.
Is there any way to make it connect automatically?
I tried to configure the customer ASA with "Originate Only" but then I received errors in the HUB where the customer ASA was trying to setup a tunnel for <CustomerASA Local IP 192.168.0.11> and <Main HUB Public IP> which did not match any crypto map.
I also tried to set up an IP SLA but that did not generate the sufficient traffic. Though, issuing a ping from the customer ASA to our office did get the tunnel going ("ping inside 192.168.0.1" for example).
Would be nice to see if anybody have found a solution to this :-)