Site-to-Site and Mobile User

Status
Not open for further replies.

accconst

IS-IT--Management
Oct 4, 2003
33
US
I have a PIX 515E and have a site-to-site VPN configured and working. This VPN terminates at a WatchGuard SOHO 6 router which has a dynamic IP address. My VPN uses a pre-shared key and a dynamic crypto-map to accommodate the SOHO's dynamic IP.

I would like to be able to connect to the network behind my PIX from my laptop using any internet connection (remote peer connection). I am aware of the PIX's IKE Mode Config process, but can I do this and have a site-to-site VPN connection that uses a dynamic crypto map?

If so, how do I accomplish this? (It seems to me that if I configure my dynamic crypto-map for IKE Mode Config, it'll knock out my site-to-site connection...)

Thanks
 
Use a much higher priority number for the dynamic map than for the static. The static will be used when the peer address matches, otherwise the dynamic map is used as a last resort. Here's mine:

crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer xx.xx.xx.xx
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 30 ipsec-isakmp
crypto map outside_map 30 match address outside_cryptomap_30
crypto map outside_map 30 set peer yy.yy.yy.yy
crypto map outside_map 30 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication RADIUS
crypto map outside_map interface outside
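
Added example, not part of the original thread: crypto map entries are evaluated in ascending sequence number, so the dynamic entry has to carry the largest number or it would be tried before the static peers. The Python sketch below parses the crypto map lines posted above and reports a dynamic entry that precedes a static one, or a static entry with no peer, match address or transform set; the function names and the checks are this example's own assumptions.

```python
import re

# Constructed input: the crypto map lines from the reply above, peers masked as posted.
SAMPLE = """\
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer xx.xx.xx.xx
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 30 ipsec-isakmp
crypto map outside_map 30 match address outside_cryptomap_30
crypto map outside_map 30 set peer yy.yy.yy.yy
crypto map outside_map 30 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication RADIUS
crypto map outside_map interface outside
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp(?: dynamic (\S+))?$")
SETTING = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer|set transform-set) (\S+)$")

def parse(config):
    """Return {map_name: {sequence: {setting: value}}} for the crypto map lines."""
    maps = {}
    for line in config.splitlines():
        line = line.strip()
        entry, setting = ENTRY.match(line), SETTING.match(line)
        if entry:
            name, seq, dyn = entry.groups()
            maps.setdefault(name, {}).setdefault(int(seq), {})["dynamic"] = dyn
        elif setting:
            name, seq, key, value = setting.groups()
            maps.setdefault(name, {}).setdefault(int(seq), {})[key] = value
    return maps

def audit(config):
    """List ordering and completeness problems (hypothetical checks for this example)."""
    findings = []
    for name, entries in parse(config).items():
        static = sorted(s for s, e in entries.items() if not e.get("dynamic"))
        for seq in sorted(s for s, e in entries.items() if e.get("dynamic")):
            later = [s for s in static if s > seq]
            if later:  # a dynamic entry accepts any peer, so it would be tried first
                findings.append(f"{name}: dynamic entry {seq} precedes static entries {later}")
        for seq in static:
            missing = [k for k in ("match address", "set peer", "set transform-set") if k not in entries[seq]]
            if missing:
                findings.append(f"{name} {seq}: static entry lacks {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "dynamic entry is last; static entries are complete")
```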
 