09-12-2013 07:18 AM - edited 02-21-2020 07:09 PM
Hey,
I never deployed production IPSEC VPN tunnel using ASA on both sides with one side using dynamic public IP. I normally deploy VPN Tunnels with both sides using static public IP addresses (not always has public IP on ASA directly though).
So I am wonder how stable it works with one side static public IP and the other side uses dynamic public IP?
Thanks,
Shuai
Solved! Go to Solution.
09-12-2013 07:21 AM
If you use certificates and main mode, or psk and aggressive it will work fine. I have a number of production sites using this method.
Sent from Cisco Technical Support iPad App
09-12-2013 07:21 AM
If you use certificates and main mode, or psk and aggressive it will work fine. I have a number of production sites using this method.
Sent from Cisco Technical Support iPad App
09-12-2013 07:23 AM
So you mean using certificates and main mode OR psk and aggressive mode on the side using dynamic public IP, right?
I might build one in lab and stress test it.
09-12-2013 07:44 AM
Yep. Dynamic tunnels don't work in main mode with pre shared keys
Sent from Cisco Technical Support iPad App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide