[c-nsp] Site to Site VPN using ASA and far end with dynamic peer

Scott Granados scott at granados-llc.net
Thu Jan 6 18:46:30 EST 2011


Hi, I have a relatively simple question but the examples I find on cisco.com don't seem to do much but confuse me.:)

Here's the setup.  I have a Cisco ASA with several site to site VPN tunnels terminated to branch offices.  All to date have used static IP addressing on both sides so using the tunnel-group a.b.c.d type l2l has been very simple.  We now have a branch with PPPOE DSL and dynamic addressing.  Could someone provide an example of the ASA side how to accept a VPN site to site session from a remote device using a dynamic IP.

What do you use instead of the target tunnel-group / peer address entry?

Presently the ASA is running 8.2.x code using a normal dynamic map for remote clients and the standard crypto map entries for each peer. I assume it's some variation on the dynamic map theme but not quite sure how to make that work.

Any pointers would be appreciated.

Thanks
Scott




More information about the cisco-nsp mailing list