[c-nsp] Site to Site VPN using ASA and far end with dynamic peer

Robert Maier desolationrob at gmail.com
Fri Jan 7 11:48:14 EST 2011


then you have to use a dynamic crypto map

Am 07.01.2011 01:40, schrieb Scott Granados:
> Actually, the branch is an old Pix.
>
> We also have an environment using a Juniper SRX so I'm not sure this is a good fit.
>
> Thanks
> Scott
>
> On Jan 6, 2011, at 4:34 PM, schilling wrote:
>
>> You have ASA/IOS routers on the branch office, right?
>>
>> Cisco Easy VPN Remote Client might be what you are looking for. You
>> can use client mode or network extension mode according to your need.
>>
>> http://www.cisco.com/en/US/products/sw/secursw/ps5299/index.html
>>
>> Schilling
>>
>> On Thu, Jan 6, 2011 at 6:46 PM, Scott Granados<scott at granados-llc.net>  wrote:
>>> Hi, I have a relatively simple question but the examples I find on cisco.com don't seem to do much but confuse me.:)
>>>
>>> Here's the setup.  I have a Cisco ASA with several site to site VPN tunnels terminated to branch offices.  All to date have used static IP addressing on both sides so using the tunnel-group a.b.c.d type l2l has been very simple.  We now have a branch with PPPOE DSL and dynamic addressing.  Could someone provide an example of the ASA side how to accept a VPN site to site session from a remote device using a dynamic IP.
>>>
>>> What do you use instead of the target tunnel-group / peer address entry?
>>>
>>> Presently the ASA is running 8.2.x code using a normal dynamic map for remote clients and the standard crypto map entries for each peer. I assume it's some variation on the dynamic map theme but not quite sure how to make that work.
>>>
>>> Any pointers would be appreciated.
>>>
>>> Thanks
>>> Scott
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list