Pix 501 as a VPN Client Info


Our office has one of the new Cisco ASA 5510 units that has replaced our previous Pix 501 that we used for firewall and VPN. Previously, I used software VPN into the office, but I was thinking about using this 501 as a permanent hardware VPN connection from home to the office. The main question that I have is whether or not this is feasible if I do not have a static IP address on my home connection. I've noticed that from time to time that my modem will acquire a new address. It is my understanding that a solid hardware VPN connection requires IP address, subnet mask, and default gateway from the client side. Is this truly the case, or can there be a configuration on either the 5510 or 501 that would allow me to establish a 501 to 5510 VPN, even though the 501 side has a non-static IP?

Thanks in advance,


Reply to
Loading thread data ...

Use a crypto dynamic map on the 5510 and use a standard crypto map on the 501. In such a situation, the 5510 will not be able to bring up the tunnel if it were down, but everything else would be fine.

I used a 501 with dynamic IP to a 525, for well over a year. There would sometimes be a bit of a glitch when the IP address changed in the middle of a session, but nothing at all serious for the type of deployment you are envisioning.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.