• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2286
  • Last Modified:

Cisco VPN Connections between static and dynamic IP's

We have a Cisco ASA 5505 at a site with a static IP address and would like to be able to establish site-to-site VPN connections from PIX 501 firewalls on dynamic IP addresses.  When you set up a site-to-site connection, you're only allowed to enter an IP address.  If we use a dynamic IP address and it changes, the VPN will be broken.  Is there a way to set the ASA 5505 to accept incoming site-to-site VPN connections without having to explicitly specify the IP it's coming from?
OAC Technology
OAC Technology
1 Solution
Cisco Easy VPN is the way forward. It's not actually that easy, but it does the trick. Here's a config for a router to an ASA:-


The config for a pix shouldn't be significantly different, if you can use ASDM to configure it it makes it all even easier.
What you are trying to accomplish is DMVPN, or dynamic multipoint VPN. WE have a couple of these setup and they work great, only downside is they only work on routers, not on the PIX or ASA.

Here is another link that is more specific to your question.

OAC TechnologyProfessional NerdsAuthor Commented:
Thank you!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now