OT: Possible to have L2L IPSEC (Dynamic IP address) clients and

OT: Possible to have L2L IPSEC (Dynamic IP address) clients[IOS] and regular
IPSEC VPN Clients (Dynamic IP address) connecting to the same ASA/PIX(Static
IP address)

Disclaimer: "I'm not a firewall guy"

Hi All,

As the subject line says; I've got an odd requirement for a customer to have
a last minute ultra urgent branch office turned up but the only connectivity
option available is a dynamic IP address based Internet link, thus moving
away from the existing / known working setups.

This ASA already has IPSEC VPN Clients (Cisco clients running on Windows)
that connect and work fine.

It would seem as if its possible, but I think I must be missing some config
at the ASA/PIX end, the unit connects, negotiates Phase 1, then fails
(deletes the SA) with no errors in debug crypto isakmp sa pointing to the
issue that I can see.

The ultra urgency and last minute being the part which is causing me to ask
here rather than build the lab, configure, test, configure test which would
be my preferred option.

If anyone could tell me it definitely can work that would be a big help,
even better if anyone can note the specific requirements (config) for it to
work.

Cheers all

Martin.

Blogs and organic groups at http://www.ccie.net
Received on Fri May 14 2010 - 07:12:05 ART