Solved

how to allow one of the statically assigned vpn tunnels to tunnel into another dynamic site?

Posted on 2016-08-05
3
85 Views
Last Modified: 2016-08-09
here is what i'm trying to accomplish:
currently there are 3 separate vpn tunnels to 3 different sites, all are statically assigned.  my intention is to create a 4rth tunnel with statically assigned ip to tunnel into another site that is dynamically assigned ip.  Has anyone ever done this and how does it work?

devices involve: asa5515 at the static site and whatever router so long as its vpn able on the other site.  just really need to know what i need to do on the asa site since its already had multiple tunnels in place.

 Thank you,

mwauki
0
Comment
Question by:mwauki
3 Comments
 
LVL 94

Expert Comment

by:John Hurst
ID: 41744255
I have a Cisco RV325 VPN router with 3 tunnels to 3 clients. They static external IP addresses, whereas I have a dynamic external IP address that does not change much.

my intention is to create a 4rth tunnel with statically assigned IP to tunnel into another site that is dynamically assigned IP.

Yes, that should work.  Considerations:

1. It should not change much, but you would have to re-configure when it does.
2. Use DynDNS if you do not want to do this.
1
 
LVL 14

Accepted Solution

by:
SIM50 earned 500 total points
ID: 41744647
The config would be the same except for crypto map and pre-shared key location. Instead of assigning a peer, you would create dynamic crypto map and put pre-shared key in the default tunnel-group.

Check this link for the configuration example of static firewall: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119007-config-asa9x-ike-ipsec-00.html#anc10
0
 

Author Closing Comment

by:mwauki
ID: 41748386
thanks!
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN Ports 8 53
Swapping port on a  Cisco 5510 firewall 1 44
Provide internet access from one windows PC to another 16 97
Setting up a trunk port on a Cisco switch? 20 57
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question