Hello JP,

Thanks for replying, very useful links you have provided!

My issue though it the HO is the site that doesn't have the Static address but the remote sites does.

Regards,
Simon

Hi Simon.peters1,

The device that is static and the one dynamic is not really going to make any difference, so if the HO is dynamic you need to configure the static crypto map and the remote needs to configure a dynamic crypto map.

Hope this info helps!!

Rate if helps you!! 

-JP-

Hi JP,

Thabk you very much for your help. I will have a look tomorrow and let you know how it goes.

It looks like it will be exactly what I need!

Thanks,

Simon

Hello,

I have had a look and I think it will be ok but I need to setup multiple VPNS to the HO ASA that has no static IP Address. 

Looking at the links if I set the IKE Parameters to be KeyID will it work with Multiple vpns?

Regards,

Simon

Hi JP,

I have got the tunnel established ok but can't access anything either end so assume there is an ussue with the access lists.

One question on the static setup side, there is no mention of setting the tunnel up on the static side in the setup notes, I have used the wizard to create the vpn as otherwise it wont come up. I assume you need to create the site to site vpn on the static ASA?

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119007-config-asa9x-ike-ipsec-00.html

Thanks,
Simon

Another update......

I have now got the VPN working between the two but I loose internet access both ends.

I am getting an error as below when pinging google.

teardown icmp connection for add 8.8.8.8 

Any suggestions?

Thanks!