|
Posted by Simon on June 9, 2006, 2:53 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> I am using three BEFVP41 routers for site-to-site LAN connections over
> VPN. Two routers connect remote sites with dynamic IP addresses to a
> main site with a static IP address. The connections are initiated by
> traffic originating at the remote sites. With one site connected, the
> tunnel comes up (and stays up) automatically. But the second site does
> not connect. The main router's tunnels are configured to accept
> connections from ANY Remote Security Gateway. When main router's
> tunnels are changed to only accept connections from a specific
> domainname or a specific IP address, the VPN connections come right up.
> But since these remote sites are on dynamic IP addresses, that is not
> a permanent solution. My guess is that since the only difference
> between the two tunnels is the subnet, that once a connection is made,
> the main router does not know how match the second connection request
> to a tunnel definition. Any ideas on how to change this configuration
> to solve this problem? Details are below. Thanks in advance, Claeton
>
> Name, IP Address, Location
> --------------------------------------------------
> R1, static, main site
> R2, dynamic, remote site
> R3, dynamic, remote site
>
> R1 SETTINGS
> -----------
> VPN Tunnel: Enabled
> Tunnel Name: VP1
> Local Secure Group: (Subnet)
> IP: 192.168.200.0
> Mask: 255.255.255.0
> Remote Secure Group: Subnet
> IP: 192.168.100.0
> Mask: 255.255.255.0
> Remote Security Gateway: Any
> Encryption: 3DES
> Authentication: MD5
> Key Management: Auto. (IKE)
> PFS: Enabled
> Pre-shared Key: abcdef
> Key Lifetime: 30000000 seconds
> ADVANCED SETTINGS:
> Phase 1:
> Operation mode : Main mode
> Username: <blank>
> Proposal:
> Encryption: 3DES
> Authentication :MD5
> Group: 768-bit
> Key Lifetime: 30000000 seconds
> Phase 2:
> Proposal :
> Encryption: 3DES
> Authentication: MD5
> PFS: ON
> Group: 768-bit
> Key Lifetime: 30000000 seconds
> The second tunnel is the same as the first except for the remote
> subnet:
> Tunnel Name: VP2
> Remote Secure Group: Subnet
> IP: 192.168.101.0
> Mask: 255.255.255.0
>
> R2's and R3's VPN setting are *exactly* the same, except that they have
> different Local Secure Group subnets.
>
> R2 SETTINGS
> -----------
> VPN Tunnel: Enabled
> Tunnel Name: VP1
> Local Secure Group: (Subnet)
> IP: 192.168.100.0
> Mask: 255.255.255.0
> Remote Secure Group: IP Addr
> IP: 192.168.200.0
> Mask: 255.255.255.0
> Remote Security Gateway: FQDN
> mydomain.net
> Encryption: 3DES
> Authentication: MD5
> Key Management: Auto. (IKE)
> PFS: Enabled
> Pre-shared Key: abcdef
> Key Lifetime: 30000000 seconds
> ADVANCED SETTINGS:
> Phase 1:
> Operation mode : Main mode
> Username: <blank>
> Proposal:
> Encryption: 3DES
> Authentication :MD5
> Group: 768-bit
> Key Lifetime: 30000000 seconds
> Phase 2:
> Proposal :
> Encryption: 3DES
> Authentication: MD5
> PFS: ON
> Group: 768-bit
> Key Lifetime: 30000000 seconds
> Other Settings:
> Keep-Alive: <checked>
>
> R3 SETTINGS are the same as R2 EXCEPT for the subnet:
> ---------------------
> Tunnel Name: VP2
> Local Secure Group: (Subnet)
> IP: 192.168.101.0
> Mask: 255.255.255.0
>
Hi,
As a horrid bodge how about dynamic dns names ?
simon
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map