Site-to-Site VPN: ASA 5510 (fixed IP) <-> Linksys BEFSX41 (dyn IP)

Mar 16th, 2007

The Cisco 5510 has a fixed IP address, but the Linksys BEFSX41 does not. I'm planning to use the Cisco/Linksys as a replacement for a pair of ZyWall 10 VPN routers. The ZyWalls allow me to specify (on the fixed IP end) the FQDN of the dynamic IP end, but it doesn't seem that the Cisco does.

I've read some posts that seem to describe similar configurations, but it's not clear how to implement them on the 5510.

The Cisco/Linksys solution was recommended by CDW as a replacement for the ZyWalls, but if it doesn't have this feature, it's pretty much useless.

kaachary (Cisco Employee) Sat, 03/17/2007 - 05:38

Why don't you configure a dynamic-to-static tunnel?

The tunnel will land on DefaultRAGroup or DefaultL2LGroup depending on how the Linksys initiates the connection.


ggilbert (Cisco Employee) Sat, 03/17/2007 - 09:24

Does the Linksys BEFSX41 support the use of certificates? (I personally haven't seen it.) If it does, then you can make the certificate parameter land on a separate tunnel-group by using the FQDN.

tunnel-group-map enable ike-id

will be the option to use on the ASA.

So, the certificate sent from the remote end will be taken into account with the IKE ID parameter to land on a group that you configure.

This will work ONLY if you are using certificates instead of a pre-shared key.

If you are using a pre-shared key, then DefaultL2LGroup or DefaultRAGroup will be your options.

Hope this helps,
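
A dynamic-to-static tunnel of the kind suggested in the replies above, as an added example that is not part of either post or of Cisco's documentation. It assumes pre-8.3 ASA syntax and a pre-shared key on DefaultL2LGroup; the object names, subnets, key and the 3DES/SHA/group 2 proposals are constructed placeholders that must be matched to the Linksys settings.

```cisco
! Added example. All names, subnets and the key below are placeholders.
! Assumed: pre-8.3 ASA software, outside/inside interface names.

! Phase 1 policy; values are assumptions and must match the Linksys side.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

! Phase 2 proposal, again assumed to match the Linksys side.
crypto ipsec transform-set L2L-SET esp-3des esp-sha-hmac

! Limit what the dynamic peer may negotiate.
! Placeholder LANs: 192.168.10.0/24 behind the ASA, 192.168.20.0/24 behind the Linksys.
access-list DYN-L2L-ACL extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0

! Dynamic map: there is no "set peer", because the remote address is not known.
crypto dynamic-map DYN-L2L 10 match address DYN-L2L-ACL
crypto dynamic-map DYN-L2L 10 set transform-set L2L-SET

! Bind the dynamic map at the highest sequence number so that any static
! crypto map entries are evaluated first.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-L2L
crypto map OUTSIDE-MAP interface outside

! With a pre-shared key there is no per-peer tunnel-group for an unknown
! address, so the key is set on the default group named in the replies above.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <LONG-RANDOM-KEY>

! Exempt traffic to the remote LAN from NAT (separate ACL from the crypto ACL).
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

The ASA can only respond on this tunnel, so the Linksys side has to initiate it. Every peer that falls through to DefaultL2LGroup shares the same key, so keep the key long and random and keep the crypto ACL as narrow as the remote LAN.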



