We have been banging our heads on this for over a week now.
How can we set up a VPN tunnel with a dynamic IP to a Cisco ASA?
We have the following configured in the vShield Manager:
Peer site name: Customer
Peer ID: Customer-ASA
Peer IP: (Blank = Any)
Peer Subnets = 172.16.32.0/24
Local Subnets = 172.17.32.0/24
MTU: 1500
Encryption: 3DES, DH2, PFS Enable
On the ASA, we tried aggressive mode and main mode. The name of the device is "Customer-ASA".
crypto isakmp identity key-id Customer-ASA
access-list ******** extended permit ip object-group LOCAL-NETWORK object-group XXXX
object-group network XXXX
 network-object 172.17.32.0 255.255.255.0
object-group network LOCAL-NETWORK
 network-object 172.16.32.0 255.255.255.0
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map VPNMAP 30 match address ********
crypto map VPNMAP 30 set pfs
crypto map VPNMAP 30 set peer <ourIP>
crypto map VPNMAP 30 set transform-set ESP-3DES-SHA
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
Anyone have any success setting up a connection from the edge to a dynamic IP? Also, we are using v 5.0.2.