Site to Site VPN Pix

Unanswered Question
Jun 17th, 2009
User Badges:

Is it possible to setup a site to site vpn with a pix501 when one site has has a dynamically assigned external IP?

The pix is running verion 6.3, is there any other way around this that doesnt involve changing the config everytime the IP address changes

Any help would be greatly appreciated

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
milfrankrodriguez Wed, 06/17/2009 - 05:54
User Badges:

Thanks for your reply Andrew,

I had tried to do this using ddns but when I set the preshared key for the remote peer the pix will only allow me to use an IP address

Also when I set the remote peer for the crypto map it requires an IP address

Can you tell me where i'm going wrong?

milfrankrodriguez Wed, 06/17/2009 - 07:57
User Badges:

I didnt realise you could use a address, I will do that

Thanks for your help

Jon Marshall Wed, 06/17/2009 - 02:34
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


You can use a dynamic crypto map where you do not need to specify the remote peer IP address. See this link for an example -

Be aware that when you use a dynamic crypto map ie. you don't check the remote peer IP, then any peer can try to initiate an IPSEC connection to your Pix. So your key is the only real security you have so make sure it is a good one.



This Discussion