Site to Site VPN Pix

Unanswered Question
Jun 17th, 2009

Is it possible to setup a site to site vpn with a pix501 when one site has has a dynamically assigned external IP?

The pix is running verion 6.3, is there any other way around this that doesnt involve changing the config everytime the IP address changes

Any help would be greatly appreciated

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
milfrankrodriguez Wed, 06/17/2009 - 05:54

Thanks for your reply Andrew,

I had tried to do this using ddns but when I set the preshared key for the remote peer the pix will only allow me to use an IP address

Also when I set the remote peer for the crypto map it requires an IP address

Can you tell me where i'm going wrong?

Jon Marshall Wed, 06/17/2009 - 02:34

Daniel

You can use a dynamic crypto map where you do not need to specify the remote peer IP address. See this link for an example -

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml

Be aware that when you use a dynamic crypto map ie. you don't check the remote peer IP, then any peer can try to initiate an IPSEC connection to your Pix. So your key is the only real security you have so make sure it is a good one.

Jon

Actions

This Discussion