12-28-2008 09:10 PM
Hi all,
m new to vpn, can any1 explain the diff. b/w dynamic vpn & site-2-site vpn, & things that shld be taken care of.
m trying to create a dynamic vpn b/w remote & my secure computing SG720 FW.
topology is
SG720(remote)--PIX515--SG720(local)
i have SG720 with public IP @ HQ.
PIX 515 in remote site which has PAT pool when it goes to HQ.
behind that PIX 515 i have SG720 for that customer. SG720 @ both ends just show phase 1 only.
Any help?????/
12-29-2008 08:16 AM
Dynamic VPN - is when one end of the VPN is unkown, e.g no static IP address. Also you do not know the remote end IP subnet for the encryption domain - so this is learnt at time of VPN creation.
Site-2-Site is typically when you have 2 devices with static IP addresses. You also know the IP subnets at both sites, and configure the encryption domains accodringly.
HTH>
12-29-2008 12:03 PM
I may be completely wrong here .. but I don't think a pix 515 can participate in a DMVPN. For a DMVPN to work you'll need to use GRE/IPSEC.
This will enable you to use routing protocols and NHRP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide