Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need everyone's Opinion Dynamic crypto versus static

I will be seeting up site to site vpns over the internet for most of our remote locations. (PIX 515 at the hub site and 831's at the remotes) Depending on what ISP I choose, I may not be able to get static IP's for some of the locations. From a security standpoint how less secure is using Dynamic crypto maps versus static. If I am forced to use an ISP who cannot provide a static IP can someone provide links to help me secure the remote locations to the best of my ability. Looking for opinions please!!!!

Thanks,

Paul

2 REPLIES
Bronze

Re: Need everyone's Opinion Dynamic crypto versus static

The use of Dynamic Crypto Maps are still a very secure way of implementing your LAN to LAN tunnels and you must use them when having remote sites which ip addresses will change. On the other hand, if you are interested in a little more security you can perhaps implement digital certificates on where each site will have it's own ID certificate vs. a single preshared key used by all the remote sites...

New Member

Re: Need everyone's Opinion Dynamic crypto versus static

Thanks for taking the time to reply and will implement digital certs if needed.

Paul

154
Views
0
Helpful
2
Replies