Pix 501 as a VPN Client Info

- J
- jaylucasaustin.rr.com
  
  Contact options for registered users
posted
18 years ago

Mon, Apr 10, 2006 11:25 PM

Hello,

Our office has one of the new Cisco ASA 5510 units that has replaced our previous Pix 501 that we used for firewall and VPN. Previously, I used software VPN into the office, but I was thinking about using this 501 as a permanent hardware VPN connection from home to the office. The main question that I have is whether or not this is feasible if I do not have a static IP address on my home connection. I've noticed that from time to time that my modem will acquire a new address. It is my understanding that a solid hardware VPN connection requires IP address, subnet mask, and default gateway from the client side. Is this truly the case, or can there be a configuration on either the 5510 or 501 that would allow me to establish a 501 to 5510 VPN, even though the 501 side has a non-static IP?

Thanks in advance,

-Jay

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, Apr 11, 2006 1:33 AM

Use a crypto dynamic map on the 5510 and use a standard crypto map on the 501. In such a situation, the 5510 will not be able to bring up the tunnel if it were down, but everything else would be fine.

I used a 501 with dynamic IP to a 525, for well over a year. There would sometimes be a bit of a glitch when the IP address changed in the middle of a session, but nothing at all serious for the type of deployment you are envisioning.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.