Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site-to-Site VPN: ASA 5510 (fixed IP) <-> Linksys BEFSX41 (dyn IP)

The Cisco 5510 has a fixed IP address, but the Linksys BEFSX41 does not. I'm planning to use the Cisco/Linksys as a replacement for a pair of ZyWall 10 VPN routers. The ZyWall's allow me to specify (on the fixed IP end) the FQDN of the dynamic IP end, but it doesn't seem that the Cisco does.

I've read some posts that seem to describe similar configurations, but it's not clear how to implement them on the 5510.

The Cisco/Linksys solution was recommended by CDW as a replacement for the ZyWall's, but if it doesn't have this feature, it's pretty much useless.

Cisco Employee

Re: Site-to-Site VPN: ASA 5510 (fixed IP) <-> Linksys BEFSX41 (d

Why don't you configure a dynamic to static tunnel ?

The tunnel will land on DefaultRAGroup or DefaulL2LGroup depending on how the Linksys initiates the connection.


Cisco Employee

Re: Site-to-Site VPN: ASA 5510 (fixed IP) <-> Linksys BEFSX41 (d

Does the Linksys BEFSX41 support the use of certificates? (I personally haven't seen it) If it does, then you can make the certificate parameter to land on a separate tunnel-group by using FQDN

tunnel-group-map enable ike-id

will be the option to use on the ASA.

So, the certificate sent from the remote end will be taken into account with the IKE ID parameter to land on a group that you configure.

ONLY if you are using certificates instead of pre-shared key this will work.

If you are using pre-shared key then DefaultL2LGroup or DefaultRAGroup will be your options.

Hope this helps,