ASA VPN/IPSec with Static/fw and dynamic/home address?

[forrie]

I have an ASA 5505 at home for which I want to configure a VPN to the Cisco ASA 5540 at work. Problem being, I have Comcast as an ISP and my IP is dynamic.

I know I can configure a tunnel and just go in and adjust if the IP happens to change. However, we have a number of other production tunnels on the 5540 that cannot be ill-affected by diddling around with the configuration -- so I need to be sure.

Is there another way to accomplish what I need. Perhaps, I thought, using certificate-based auth, but we're not really set up for that (I think you need a CA etc).


Thanks!

 

[unclerico]

you can use a dynamic crypto-map with the DefaultL2LGroup tunnel group to permit end points with dynamic IP's to connect. this config document gives you an idea of how to get it done (note that part of the config is for an IOS device and the second part is for an ASA so pay attention to the ASA part):

http://www.cisco.com/en/US/products...s_configuration_example09186a00807ea936.shtml