Cisco Support Community

Site to Site VPN Tunnel with Dynamic IP using PIX and ASA

Here is the situation: we have a remote site in a third party's location where they refuse to statically NAT us an outside IP. Our outside IP doesn't change often, so usually VPN works OK, but not so much as of late.

The problem is we need to directly address devices on the remote end, so AFAIK EZVPN won't work because it NATs all the connections.

Is there any way to make this work with the current hardware, ASA running 8.0 code and PIX 501 with 6.35 code?


Re: Site to Site VPN Tunnel with Dynamic IP using PIX and ASA

So, is one end with a "dynamic IP address" and another with a static IP address? If so, then the next question will be: which side needs to start the connection to which side? The dynamic to the static, or the static to the dynamic?

So if you have one dynamic and one static, you can either have EZVPN or dynamic-to-static LAN-to-LAN. The catch here is that the one with the dynamic IP address always needs to start the connection to the one with the static IP address; this is for both the tunnel and traffic over the tunnel. Once the bidirectional tunnel is up, you can have bidirectional communication.
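
A sketch of the dynamic-to-static LAN-to-LAN option described in the reply above, added here as an example and not posted by anyone in the thread. The map and ACL names, the addresses (203.0.113.10 as the ASA's static outside address, 10.1.0.0/16 and 10.2.0.0/24 as the two LANs) and the key are constructed placeholders, and it assumes the ASA is the static end and the PIX 501 is the dynamic end.

```cisco
! --- ASA 8.0 (static side). All names, addresses and the key are constructed.
! --- Assumed: ASA outside 203.0.113.10, ASA LAN 10.1.0.0/16, PIX LAN 10.2.0.0/24
access-list NONAT extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
! Dynamic map: no "set peer", so a peer on an unknown address is accepted
crypto dynamic-map DYN-L2L 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-L2L
crypto map OUTSIDE-MAP interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
! Peers whose address matches no tunnel-group land in DefaultL2LGroup
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key REPLACE-WITH-LONG-RANDOM-KEY

! --- PIX 501 6.3 (dynamic side, always the initiator)
! --- Assumed: AES is licensed on the PIX; otherwise match 3DES on both ends
access-list VPN-HQ permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.0.0
nat (inside) 0 access-list VPN-HQ
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map TO-HQ 10 ipsec-isakmp
crypto map TO-HQ 10 match address VPN-HQ
crypto map TO-HQ 10 set peer 203.0.113.10
crypto map TO-HQ 10 set transform-set ESP-AES-SHA
crypto map TO-HQ interface outside
isakmp enable outside
isakmp key REPLACE-WITH-LONG-RANDOM-KEY address 203.0.113.10 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

Because DefaultL2LGroup answers any address that presents the key, the pre-shared key is the only thing authenticating the remote site, so it should be long and random. If the ASA already has a crypto map bound to the outside interface, add the dynamic entry to that map at the highest sequence number instead of creating a second map.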
