Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA static IP to ASA dynamic IP site to site tunnel

I just purchased 2 ASA 5505. The hub site has a static IP and the spoke has a dynamic IP. I am trying to create a site to site VPN tunnel using the wizard. However on the static based ASA it is asking for the dynamics IP. Since I do not know it currently at the spoke site I cannot set this up and I dont see any information on whether or not this can be done with site to site VPN using one side with a dynamic IP. I use to use some old Juniper netscreen boxes (5gt) and this was definiely a possibility and on that I had imlpemented before. I am hoping that this expensive Cisco ASA is capable of sending keep alives to the static Ip from the dynamic to setup and maintain a tunnel even if the dynamic IP changes.

Is it possible to setup site to site VPN tunnel with one dynamic IP and one static IP? If so is there any documentation on how to go about setting this up? Thanks for any and all replies.

Community Member

Re: ASA static IP to ASA dynamic IP site to site tunnel

I would suggest you use easy vpn. You make the headend with the static IP the easy vpn server, and the remote with dynamic the easy vpn client.

CreatePlease to create content