I was wondering if anybody had anything thoughts on this issue. I have an ASA 5510 with a static public IP that is our main firewall. We have a remote site with an ASA 5505. The 5505 is connected to the world by DSL modem. Now the DSL has the public static IP and then gives anything connected to it a private IP. The interface on the 5505 is connected to the modem and uses DHCP and gets a private IP. We set the config to have a site-to-site tunnel between the two firewalls. It would work for a while and then all of a sudden drop the tunnel connection for different periods of time. I called Cisco about this and the guy I worked with said since the 5505 is behind a firewall and is getting a DHCP address that I need to create a Dynamic LAN to Static LAN tunnel instead and make the 5505 the initiator of the tunnel since the 5510 won't know who to talk to. So he removed my tunnel and created a DefaultL2L tunnel group. All of a sudden the downed VPN Site came up. But after I got off the phone the tunnel went down again. So I am lost as to what could be going wrong. Is it possible since the DSL modem is doing some kind of NAT and giving a private IP to the firewall that it could be blocking some traffic that is needed to pass? The connection will come up by itself. When I called the Engineer back up he said that it could be that some traffic needs to be passed from the 5505 side since that is the connection making the tunnel.