Creating Site to Site VPN Tunnel using Cisco ASA with Dynamic IP

Hi there,

Our main office has Cisco 5520 firewall behind dedicated internet line (fixed outside facing ip) and I have been tasked with setting up a new office but due to geographical constraints we have only been able to aquire a home broadband like DSL internet connection (dynamic IP). I have a Cisco 5505 ASA and would like to create a VPN tunnel between 2 offices using said devices. Can you please let me know the best and easy way to set this up. Thanks in advance for all your contributions.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Have you tried to use the ASA VPN Wizard ? Here is a sample configuration between static and dynamic VPN peer address:

For dynamic to static VPN tunnel, the dynamic end needs to initiate the connection towards the static end. Because the dynamic end changes IP all the time, the static end would not know what the IP, hence the dynamic end needs to initiate the connection towards the static to bring up the VPN tunnel

One other option would be to add in a DNS client such as Dyn DNS or other 3rd party. This would give you a host that will monitor the IP changes and adjust accordingly. Then all you would have to do is source it to that IP.  For now try the above.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
If the IP of the remote end changes all the time, you can use ( to simulate a fixed IP.

Also, check to see if your "dynamic" IP changes much. Mine changes maybe once every couple of years, so I treat it as fixed and connect the other ends normally. I have to change the setups every couple of years for the new IP address.
wezwaltAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.