12-28-2008 09:10 PM
Hi all,
m new to vpn, can any1 explain the diff. b/w dynamic vpn & site-2-site vpn, & things that shld be taken care of.
m trying to create a dynamic vpn b/w remote & my secure computing SG720 FW.
topology is
SG720(remote)--PIX515--SG720(local)
i have SG720 with public IP @ HQ.
PIX 515 in remote site which has PAT pool when it goes to HQ.
behind that PIX 515 i have SG720 for that customer. SG720 @ both ends just show phase 1 only.
Any help?????/
12-29-2008 08:16 AM
Dynamic VPN - is when one end of the VPN is unkown, e.g no static IP address. Also you do not know the remote end IP subnet for the encryption domain - so this is learnt at time of VPN creation.
Site-2-Site is typically when you have 2 devices with static IP addresses. You also know the IP subnets at both sites, and configure the encryption domains accodringly.
HTH>
12-29-2008 12:03 PM
I may be completely wrong here .. but I don't think a pix 515 can participate in a DMVPN. For a DMVPN to work you'll need to use GRE/IPSEC.
This will enable you to use routing protocols and NHRP.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: