[c-nsp] Site to Site VPN using ASA and far end with dynamic peer
Scott Granados
scott at granados-llc.net
Thu Jan 6 19:40:19 EST 2011
Actually, the branch is an old Pix.
We also have an environment using a Juniper SRX so I'm not sure this is a good fit.
Thanks
Scott
On Jan 6, 2011, at 4:34 PM, schilling wrote:
> You have ASA/IOS routers on the branch office, right?
>
> Cisco Easy VPN Remote Client might be what you are looking for. You
> can use client mode or network extension mode according to your need.
>
> http://www.cisco.com/en/US/products/sw/secursw/ps5299/index.html
>
> Schilling
>
> On Thu, Jan 6, 2011 at 6:46 PM, Scott Granados <scott at granados-llc.net> wrote:
>> Hi, I have a relatively simple question but the examples I find on cisco.com don't seem to do much but confuse me.:)
>>
>> Here's the setup. I have a Cisco ASA with several site to site VPN tunnels terminated to branch offices. All to date have used static IP addressing on both sides so using the tunnel-group a.b.c.d type l2l has been very simple. We now have a branch with PPPOE DSL and dynamic addressing. Could someone provide an example of the ASA side how to accept a VPN site to site session from a remote device using a dynamic IP.
>>
>> What do you use instead of the target tunnel-group / peer address entry?
>>
>> Presently the ASA is running 8.2.x code using a normal dynamic map for remote clients and the standard crypto map entries for each peer. I assume it's some variation on the dynamic map theme but not quite sure how to make that work.
>>
>> Any pointers would be appreciated.
>>
>> Thanks
>> Scott
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
More information about the cisco-nsp
mailing list