11-19-2008 08:29 AM - edited 02-21-2020 04:02 PM
Hi. We have a remote site that connects to the internet via a Cisco 1801 Integrated Services router plugged into an ISDN line. Ths line only has dynamically assigned public IPs and I'm wondering if it's possible to create a site VPN back to our head office Pix 515 without a static IP at the remote site. Any pointers would be greatly appreciated.
I should also point out that this site already connects to head office via an ADSL line connected to the 801 with a static IP which is working fine. The ISDN is for backup.
11-19-2008 09:01 AM
Rex
Yes you can do this. Have a look at the following link -
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml
If you also have VPN clients coming into the same device you may want to look at this doc as well -
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml
Edit - i forgot to point out. Because you use 0.0.0.0 as the remote IP address to allow dynamic connections that means any remote device could try and setup a tunnel with your pix. Obviously the device won't be able to without the key but it becomes evern more important to use a secure key.
Jon
11-20-2008 09:12 PM
How about using for that EZVPN in NEM? It also should do the job.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: