Need everyone's Opinion Dynamic crypto versus static
I will be seeting up site to site vpns over the internet for most of our remote locations. (PIX 515 at the hub site and 831's at the remotes) Depending on what ISP I choose, I may not be able to get static IP's for some of the locations. From a security standpoint how less secure is using Dynamic crypto maps versus static. If I am forced to use an ISP who cannot provide a static IP can someone provide links to help me secure the remote locations to the best of my ability. Looking for opinions please!!!!
Re: Need everyone's Opinion Dynamic crypto versus static
The use of Dynamic Crypto Maps are still a very secure way of implementing your LAN to LAN tunnels and you must use them when having remote sites which ip addresses will change. On the other hand, if you are interested in a little more security you can perhaps implement digital certificates on where each site will have it's own ID certificate vs. a single preshared key used by all the remote sites...
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...