Site VPN without a static IP

Rex Biesty · ‎11-19-2008

Hi. We have a remote site that connects to the internet via a Cisco 1801 Integrated Services router plugged into an ISDN line. Ths line only has dynamically assigned public IPs and I'm wondering if it's possible to create a site VPN back to our head office Pix 515 without a static IP at the remote site. Any pointers would be greatly appreciated.

I should also point out that this site already connects to head office via an ADSL line connected to the 801 with a static IP which is working fine. The ISDN is for backup.

Jon Marshall · ‎11-19-2008

Rex

Yes you can do this. Have a look at the following link -

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

If you also have VPN clients coming into the same device you may want to look at this doc as well -

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml

Edit - i forgot to point out. Because you use 0.0.0.0 as the remote IP address to allow dynamic connections that means any remote device could try and setup a tunnel with your pix. Obviously the device won't be able to without the key but it becomes evern more important to use a secure key.

Jon

remi-reszka · ‎11-20-2008

How about using for that EZVPN in NEM? It also should do the job.