Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Dynamic VPN, Site-2-site-VPN

Hi all,

m new to vpn, can any1 explain the diff. b/w dynamic vpn & site-2-site vpn, & things that shld be taken care of.

m trying to create a dynamic vpn b/w remote & my secure computing SG720 FW.

topology is


i have SG720 with public IP @ HQ.

PIX 515 in remote site which has PAT pool when it goes to HQ.

behind that PIX 515 i have SG720 for that customer. SG720 @ both ends just show phase 1 only.

Any help?????/


Re: Dynamic VPN, Site-2-site-VPN

Dynamic VPN - is when one end of the VPN is unkown, e.g no static IP address. Also you do not know the remote end IP subnet for the encryption domain - so this is learnt at time of VPN creation.

Site-2-Site is typically when you have 2 devices with static IP addresses. You also know the IP subnets at both sites, and configure the encryption domains accodringly.


New Member

Re: Dynamic VPN, Site-2-site-VPN

I may be completely wrong here .. but I don't think a pix 515 can participate in a DMVPN. For a DMVPN to work you'll need to use GRE/IPSEC.

This will enable you to use routing protocols and NHRP.