We have a Hub-and-Spoke scenario: PIX 515 at the central site and PIX 501 at the home offices. The PIX 501s are connected to a DSL modem. Therefore, their ip addresses are not predictable.
We like to use isakmp authentication with pre-shared keys. Do I have to use dynamic crypto maps at the central site, or is there any other solution. Maybe someone can post a working configuration or a link to the related cisco documentation?
What is even easier now if you're running 6.2 on the PIX's, is to use a new feature called EzVPN where the remote PIX's look very similar to VPN clients coming in. The config on the remote PIX's is very simple, just a few lines. You can set it up so that it acts just like a LAN-to-LAN tunnel where the remote PC's are still contactable from the head-end site (network-extension mode), or you can set it up so that all the PC's behind the remote PIX are invisible and the remote PIX looks just like a client coming in (client mode). Sample config is here: http://www.cisco.com/warp/public/110/pix-ios-easyvpn.html
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...