Solved

VPN solution - frequently changing public IP addresses

Posted on 2010-11-16
6
429 Views
Last Modified: 2012-05-10
We have a client with an interesting problem - a remote (European) site is dealing with an ISP that is required to change their public IP on a frequent (monthly) basis - government policy, and there's nothing that can be done about it..  Details:

- remote site has a PIX 501 w/ a Cisco router in front terminating a DSL connection
- home (HQ) has an ASA 5520 servicing a DSL connection

We need a solution that will dynamically reconfigure the remote end when the ISP demands a change in the public IP.

Thanks, and reference links/docs are always appreciated!

0
Comment
Question by:cfan73
  • 3
  • 2
6 Comments
 
LVL 5

Accepted Solution

by:
shubhanshu_jaiswal earned 300 total points
ID: 34152607
You can configure EZVPN is this case...kindly go through the below mentioned link...
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml
0
 
LVL 3

Assisted Solution

by:uniplast
uniplast earned 200 total points
ID: 34156810
I suppose you want to make vpn connection between two devices, one of which has a dynamic IP address.
On this link you have an example of how it works


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

0
 

Author Comment

by:cfan73
ID: 34157878
Thanks for the response, guys - if either solution above could work in this situation, can you help me understand why one (like the dynamic-to-static IPsec w/ NAT solution) would be REQUIRED over using just EZVPN?

Thank you - answer that, and I'll award points to both!
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 3

Expert Comment

by:uniplast
ID: 34158147
0
 

Author Comment

by:cfan73
ID: 34158527
Thanks, uniplast - I've been through this, and feel I understand the EZ-VPN solution (which seems to support the same NAT scenario detailed in the "Dynamic-to-static IPsec" solution).  Can you identify when this would be REQUIRED, and EZ-VPN would NOT work?

Thanks again - sorry if I'm missing something obvious...
0
 
LVL 3

Assisted Solution

by:uniplast
uniplast earned 200 total points
ID: 34159135
Topology
EZVPN - Only - Hub and spoke
EZVPN - QoS - Supported but QoS policy is not dynamically pushed to the remote sites
etc....
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now