We have an ASA 5510 running 8.0 at our company HQ. We have remote sites that need to create L2L VPN tunnels to the HQ ASA. Some remote sites have static IPs and others have dynamic IPs.
I have found Cisco documentation for static-IP L2L VPN tunnels and have them working. I have found other Cisco documentation for dynamic-to-static-IP L2L VPN tunnels using the "DefaultL2LGroup" tunnel-group.
My question is, can you have both kinds of L2L tunnels on the same ASA? If so, will simply using the "DefaultL2LGroup" tunnel-group and <IP> tunnel-group definitions work? Is there a reason not to do this? Is there a better technology (ASA at HQ and a combination of ASA 5505s and 1861s at the remote sites) available?
Yes, you can have both kinds of L2L tunnels. If you are using a PSK, remember the IP address of the remote site is used to "validate it" for connection to the HQ. As long as you are using a secure PSK = 64 chars and above with upper/lower alphanumeric, you should be OK.
A better way of doing it is to get static IP addresses for the sites that currently have DHCP from the ISP.
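
An added example, not part of the original posts or of Cisco's documentation: a sketch of the HQ ASA 8.0 configuration with a static-peer tunnel-group and the DefaultL2LGroup side by side. The addresses (documentation ranges), the names OUTSIDE-MAP, DYN-L2L, VPN-SITE-A and ESP-AES256-SHA, and the key placeholders are constructed; the ISAKMP policy and NAT exemption already in place for the working static tunnels are assumed.

```text
! --- Phase 2 proposal shared by both kinds of tunnel (constructed name) ---
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! --- Static-IP remote site: peer 203.0.113.10 (constructed address) ---
access-list VPN-SITE-A extended permit ip 10.0.0.0 255.255.0.0 10.1.1.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address VPN-SITE-A
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA

! The tunnel-group is named after the peer IP, so this PSK is only
! accepted from that address.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <STATIC-SITE-A-PSK>

! --- Dynamic-IP remote sites ---
! No peer address is set; the remote site always initiates the tunnel.
crypto dynamic-map DYN-L2L 10 set transform-set ESP-AES256-SHA

! Attach the dynamic map with the highest sequence number so the static
! entries above are evaluated first.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-L2L
crypto map OUTSIDE-MAP interface outside

! Any L2L peer whose IP matches no named tunnel-group lands here, so
! every dynamic site shares this one key. Keep it different from the
! per-site keys above and make it long and random.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <DYNAMIC-SITES-PSK>
```

Because the DefaultL2LGroup key is the only thing that authenticates the dynamic sites, rotating it means touching every dynamic remote site at once.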