Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
978
Views
10
Helpful
3
Replies

Site To Site IPsec VPN

Go to solution
littlespace
Level 1
Level 1

ā€Ž09-11-2012 09:56 AM - last edited on ā€Ž02-21-2020 11:52 PM by Community Manager

Hi,

I am going to get a ASA 5520 and put it in our Main office as a VPN router. also we have 20-25 remote users that need to have  VPN access to HQ. some of them already have Sonicwall TZ-100 and some them already use VPN client. I am going to get a Cisco router for remote users. Could you please let me know which cisco device (Hardware) is better for end users?  also most of them have Dynamic IP on their DSL lines. is it ok with Cisco to establish a tunnel with a device which has a dynamic IP?

Thanks,

Mike

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Javier Portuguez
Level 9
Level 9

ā€Ž09-11-2012 10:12 AM

Hi,

To know which platform would be ideal, please check this out:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Usually for small-offices a 5505 works fine, but it depends on your needs.

On the other hand, it does not matter if the remote end has a dynamic IP address, please check this out:

Dynamic IPsec Tunnel Between a Statically Addressed ASA and a Dynamically Addressed Cisco IOS Router that uses CCP Configuration Example

Thanks.

Portu.

Please rate any post you find useful.

View solution in original post

Go to solution
Javier Portuguez
Level 9
Level 9
In response to littlespace

ā€Ž09-11-2012 10:31 AM

Hi,

You can use the DefaultL2LGroup, so if the ASA does not find the peer IP on any valid tunnel-group, it checks the DefautlL2LGroup, if the pre-shared-key matches, then phase I gets complete.

Let me know.

Please rate any post you find useful.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Javier Portuguez
Level 9
Level 9

ā€Ž09-11-2012 10:12 AM

Hi,

To know which platform would be ideal, please check this out:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Usually for small-offices a 5505 works fine, but it depends on your needs.

On the other hand, it does not matter if the remote end has a dynamic IP address, please check this out:

Dynamic IPsec Tunnel Between a Statically Addressed ASA and a Dynamically Addressed Cisco IOS Router that uses CCP Configuration Example

Thanks.

Portu.

Please rate any post you find useful.

Go to solution
littlespace
Level 1
Level 1
In response to Javier Portuguez

ā€Ž09-11-2012 10:27 AM

Thank you Javier,

I also have another question regarding dynamic IP on DSL modems. what should I put in "Peer IP Address" on Cisco ASA 5520 in Main Office. Should I put 0.0.0.0 ?

Thanks,

Mike

0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9
In response to littlespace

ā€Ž09-11-2012 10:31 AM

Hi,

You can use the DefaultL2LGroup, so if the ASA does not find the peer IP on any valid tunnel-group, it checks the DefautlL2LGroup, if the pre-shared-key matches, then phase I gets complete.

Let me know.

Please rate any post you find useful.

0 Helpful
Customers Also Viewed These Support Documents