Site to Site VPN Pix

Unanswered Question
Jun 17th, 2009


Is it possible to setup a site to site vpn with a pix501 when one site has has a dynamically assigned external IP?


The pix is running verion 6.3, is there any other way around this that doesnt involve changing the config everytime the IP address changes


Any help would be greatly appreciated


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
milfrankrodriguez Wed, 06/17/2009 - 05:54

Thanks for your reply Andrew,


I had tried to do this using ddns but when I set the preshared key for the remote peer the pix will only allow me to use an IP address


Also when I set the remote peer for the crypto map it requires an IP address


Can you tell me where i'm going wrong?

Jon Marshall Wed, 06/17/2009 - 02:34

Daniel


You can use a dynamic crypto map where you do not need to specify the remote peer IP address. See this link for an example -


http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml


Be aware that when you use a dynamic crypto map ie. you don't check the remote peer IP, then any peer can try to initiate an IPSEC connection to your Pix. So your key is the only real security you have so make sure it is a good one.


Jon

Actions

This Discussion