I just upgraded my pix 506 to an asa 5505. I had 3 site to site VPN's\npreviously set up. 1 dynamic and 2 static. All VPNs have functioned\nwell with the 506. I noticed after the cut over to the ASA my VPNs\nkept dropping connections, and the dynamic VPN would not hook up at\nall. (I had to grab the temporary assigned IP to and make it a static\nVPN just to get her up; this is something I am working out later)\nOh, every VPN is setup straight to a PIX 501\n\nMy question is with the VPN's dropping. When I went to the ASA, I\nchanged my global command to only include 68.75.X.YZ ; I did this so I\ncould free up some of my usable IP's since I was running out. Well of\ncourse the VPNs were dropping connections but then reestablishing\nthemselves.\n\nSo to alleviate this (my attempt to) I added back in the rest of the\nIP's to match the config that I had in my 506. So my question is,\nwould reducing the number of IPs issued by the global command force\nthe VPN connections to drop? We only have about 50 users internally.\n\nTHis is my config now:\n\nglobal (outside) 1 68.75.X.XX-68.75.X.XX\nglobal (outside) 1 interface\nglobal (outside) 1 68.75.X.ZX\nglobal (outside) 1 68.75.X.YZ\nnat (inside) 0 access-list VPN\nnat (inside) 1 10.0.0.0 255.255.255.0\nnat (inside) 1 0.0.0.0 0.0.0.0\n\nThis is what it was\n\n\nglobal (outside) 1 interface\nglobal (outside) 1 68.75.X.ZX\nnat (inside) 0 access-list VPN\nnat (inside) 1 10.0.0.0 255.255.255.0\nnat (inside) 1 0.0.0.0 0.0.0.0\n\nThanks for any NAT/PAT/VPN insight.\n\nJustin.