Pix 501 as a VPN Client Info

Discussion in 'Cisco' started by jaylucasaustin.rr.com, Apr 11, 2006.

  1. Hello,

    Our office has one of the new Cisco ASA 5510 units that has replaced our
    previous Pix 501 that we used for firewall and VPN. Previously, I used
    software VPN into the office, but I was thinking about using this 501 as a
    permanent hardware VPN connection from home to the office. The main
    question that I have is whether or not this is feasible if I do not have a
    static IP address on my home connection. I've noticed that from time to
    time that my modem will acquire a new address. It is my understanding that
    a solid hardware VPN connection requires IP address, subnet mask, and
    default gateway from the client side. Is this truly the case, or can there
    be a configuration on either the 5510 or 501 that would allow me to
    establish a 501 to 5510 VPN, even though the 501 side has a non-static IP?

    Thanks in advance,

    -Jay
    jaylucasaustin.rr.com, Apr 11, 2006
    #1
    1. Advertising

  2. In article <EPB_f.15863$>,
    jaylucasaustin.rr.com <> wrote:
    >Our office has one of the new Cisco ASA 5510 units that has replaced our
    >previous Pix 501 that we used for firewall and VPN. Previously, I used
    >software VPN into the office, but I was thinking about using this 501 as a
    >permanent hardware VPN connection from home to the office. The main
    >question that I have is whether or not this is feasible if I do not have a
    >static IP address on my home connection. I've noticed that from time to
    >time that my modem will acquire a new address. It is my understanding that
    >a solid hardware VPN connection requires IP address, subnet mask, and
    >default gateway from the client side. Is this truly the case, or can there
    >be a configuration on either the 5510 or 501 that would allow me to
    >establish a 501 to 5510 VPN, even though the 501 side has a non-static IP?


    Use a crypto dynamic map on the 5510 and use a standard crypto map
    on the 501. In such a situation, the 5510 will not be able to bring
    up the tunnel if it were down, but everything else would be fine.

    I used a 501 with dynamic IP to a 525, for well over a year. There
    would sometimes be a bit of a glitch when the IP address changed
    in the middle of a session, but nothing at all serious for the
    type of deployment you are envisioning.
    Walter Roberson, Apr 11, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Martin Nowles
    Replies:
    0
    Views:
    1,015
    Martin Nowles
    Nov 10, 2003
  2. GVB
    Replies:
    1
    Views:
    2,764
    Martin Bilgrav
    Feb 6, 2004
  3. Tim Fortea
    Replies:
    2
    Views:
    994
  4. Nick
    Replies:
    2
    Views:
    2,372
  5. Svenn
    Replies:
    3
    Views:
    709
    Svenn
    Mar 13, 2006
Loading...

Share This Page