VPN solution - frequently changing public IP addresses

Posted on 2010-11-16
Last Modified: 2012-05-10
We have a client with an interesting problem - a remote (European) site is dealing with an ISP that is required to change their public IP on a frequent (monthly) basis - government policy, and there's nothing that can be done about it..  Details:

- remote site has a PIX 501 w/ a Cisco router in front terminating a DSL connection
- home (HQ) has an ASA 5520 servicing a DSL connection

We need a solution that will dynamically reconfigure the remote end when the ISP demands a change in the public IP.

Thanks, and reference links/docs are always appreciated!

Question by:cfan73
  • 3
  • 2

Accepted Solution

shubhanshu_jaiswal earned 300 total points
ID: 34152607
You can configure EZVPN is this case...kindly go through the below mentioned link...

Assisted Solution

uniplast earned 200 total points
ID: 34156810
I suppose you want to make vpn connection between two devices, one of which has a dynamic IP address.
On this link you have an example of how it works


Author Comment

ID: 34157878
Thanks for the response, guys - if either solution above could work in this situation, can you help me understand why one (like the dynamic-to-static IPsec w/ NAT solution) would be REQUIRED over using just EZVPN?

Thank you - answer that, and I'll award points to both!
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Expert Comment

ID: 34158147

Author Comment

ID: 34158527
Thanks, uniplast - I've been through this, and feel I understand the EZ-VPN solution (which seems to support the same NAT scenario detailed in the "Dynamic-to-static IPsec" solution).  Can you identify when this would be REQUIRED, and EZ-VPN would NOT work?

Thanks again - sorry if I'm missing something obvious...

Assisted Solution

uniplast earned 200 total points
ID: 34159135
EZVPN - Only - Hub and spoke
EZVPN - QoS - Supported but QoS policy is not dynamically pushed to the remote sites

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Provisioning vcpu for VM (cisco virl) 4 66
Rdp session freeze periodically in FORTIGATE ssl vpn 2 40
VPN problems 4 25
Cisco Edge Routers for BGP 6 52
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question