herm paul

What is the best practice for a site-to-site VPN using FQDN?
Site-to-site VPN using FQDN on both sites, using Cisco ASA devices.

Hemil Aquino

Question is, why do you want to use FQDN?

Are you using dynamic IPs, or do you just want to use FQDN?
It is always recommended to use IP addresses instead of fully qualified domain names. You do not want to run into an issue where the DNS server is not responding and then your VPN fails.

arnold

Using FQDN, you will be subject to DNS poisoning, adding unnecessary overhead to the VPN setup.

Hemil Aquino

@arnold -- I agree, I forgot to add it, but I needed to know his reason.

Pete Long

Hmmm, I was just about to say 'you can't' because I've put in A LOT of VPNs and I've never used an FQDN as a peer/endpoint. But I've just checked on my test ASA and the crypto map will let you specify a hostname:


Petes-ASA(config)# crypto map CRYPTO-MAP 1 set peer ?

configure mode commands/options:
  Hostname or A.B.C.D     IP address
  Hostname or X:X:X:X::X  IPv6 address
Petes-ASA(config)# crypto map CRYPTO-MAP 1 set peer

'If' this were to work, your tunnel-group name will need to match the peer FQDN (even then, this is a new one on me).


I would have to build it on the bench to be certain.


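As an added illustration (not configuration from the original thread), the ASA fragment below shows what Pete's `set peer ?` output implies, with the DNS dependency the other replies warn about made explicit. The peer FQDN, subnets, DNS server addresses, ACL and transform-set names are assumptions; the tunnel-group naming follows Pete's untested guess that the group name must match the peer as entered.

```cisco
! Added example, not from the thread. Peer FQDN, addresses, names and key are assumptions.
! The hostname form of "set peer" depends on these resolvers: if they are down or answer
! wrongly (the DNS-poisoning point raised above), the tunnel fails or goes to the wrong peer.
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 198.51.100.53
 name-server 198.51.100.54

! Traffic to encrypt (assumed site A and site B subnets)
access-list VPN-TO-SITEB extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0

crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 enable outside

crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Hostname form accepted by "set peer" per the CLI help Pete pasted.
! The conventional, DNS-independent form recommended in the thread would be:
!   crypto map CRYPTO-MAP 1 set peer 203.0.113.2
crypto map CRYPTO-MAP 1 match address VPN-TO-SITEB
crypto map CRYPTO-MAP 1 set peer siteb-vpn.example.net
crypto map CRYPTO-MAP 1 set ikev1 transform-set ESP-AES256-SHA
crypto map CRYPTO-MAP interface outside

! Pete's untested point: tunnel-group name matching the peer exactly as entered
tunnel-group siteb-vpn.example.net type ipsec-l2l
tunnel-group siteb-vpn.example.net ipsec-attributes
 ikev1 pre-shared-key <pre-shared-key>

! Checks before relying on it: what the ASA resolved, and whether Phase 1 came up
! show dns
! show crypto ikev1 sa
```

The mirror configuration is needed on the other ASA, pointing at site A's FQDN. The two `show` commands are how you confirm, after a change of resolver or record, that the box still resolves the peer to the address you expect, which is the check the FQDN approach adds over a fixed IP.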


arnold

To use FQDN, reliable, trusted DNS servers have to be used.

herm paul (asker)

Thank you all... I have switched employment and no longer require this, but thank you so very much for your time.
