[c-nsp] Site to Site VPN using ASA and far end with dynamic peer
chris stand
cstand141 at gmail.com
Fri Jan 7 06:33:02 EST 2011
>>
>> Here's the setup. I have a Cisco ASA with several site to site VPN
tunnels terminated to branch offices. All to date have used static IP
addressing on both sides so using the tunnel-group a.b.c.d type l2l has been
very simple. We now have a branch with PPPOE DSL and dynamic addressing.
Could someone provide an example of the ASA side how to accept a VPN site
to site session from a remote device using a dynamic IP.
>>
We have a handful of remote sites that use broadband cards as a mechanism to
bypass failed T1s so they get dynamic addresses as well.
ASA->Linksys_w_broadband <-----Internet------->
ASA_VPN_term---->core_network
I'll send you the appropriate snippets if you wish directly and post it here
too.
I think the key was ( not intended pun ) to use pre-shared keys for the
tunnel
The remote end certainly knows about the centralized VPN core device and
that can have a static entry but the core of course can't.
More information about the cisco-nsp
mailing list