|
Posted by Diego Balgera on February 4, 2008, 12:28 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hi,
I have 2 Cisco 8xx routers, both with an ethernet (internal) and ADSL
(external) interfaces. The IP address given to the ADSL interface is
dynamic, negotiated via PPP to a dialer interface, a configuration from a
typical ISP.
Both external dynamic IP addresses are known with a fully qualified domain
name via dynamic DNS that I set up already.
Now I would like to set up a VPN between these 2 routers to connect the 2
internal networks together: I set up the VPN using their IP addresses
(crypto policy, crypto transform-set, crypto map) and it works like a charm
until I reboot the router and the IP address will change. I need to solve
this using the dynamic DNS names instead, but all my attempts to set up the
configuration using the dynamic DNS names failed so far ... :-(
Can you please suggest a configuration sample or a document showing how to
configure the VPN using the dynamic DNS names as VPN peers?
Thank you in advance!
Best regards.
Diego.
|
|
Posted by Merv on February 4, 2008, 2:12 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Can you please suggest a configuration sample or a document showing how to
> configure the VPN using the dynamic DNS names as VPN peers?
I would be very surprised if that capability exists
Suggest you open a case with the Cisco TAC
|
|
Posted by Andreas Heinzelmann on February 5, 2008, 5:43 am
If you were Registered and logged in, you could reply and use other advanced thread options
>
>> Can you please suggest a configuration sample or a document showing how
>> to
>> configure the VPN using the dynamic DNS names as VPN peers?
Hi Diego,
Well thats about the same challenge I face. If you have found a solution or
even if TAC tells you that it wont work I would really appreciate it to
read about your experiences.
Thanks...Andy
|
|
Posted by Merv on February 5, 2008, 10:32 am
If you were Registered and logged in, you could reply and use other advanced thread options this manufacturer claims to be able to support dynamic-to-dynamic DNS
IPSEC tunnels
http://www.multitech.com/DOCUMENTS/Collateral/data_sheets/498.asp
Fully Qualified Domain Name (FQDN) Feature The SOHO RouteFinder's FQDN
feature allows you to utilize a static name in the IPSec VPN setup,
like "branchoffice.dyndns.org", instead of a dynamic IP address, to
create static-to-dynamic or dynamic-to-dynamic VPN IPSec tunnels.
|
|
Posted by Aaron Leonard on February 5, 2008, 12:56 pm
If you were Registered and logged in, you could reply and use other advanced thread options You'd need to work some magic using kron/EEM/Tcl or similar.
For example, have a kron job fire every n minutes. Check to see if
the DNS name of interest matches the peer's actual address. If not,
reconfigure things.
Aaron
----
~ >
~ >> Can you please suggest a configuration sample or a document showing how
~ >> to
~ >> configure the VPN using the dynamic DNS names as VPN peers?
~ Hi Diego,
~
~ Well thats about the same challenge I face. If you have found a solution or
~ even if TAC tells you that it wont work I would really appreciate it to
~ read about your experiences.
~
~ Thanks...Andy
~
|
| Similar Threads | Posted | | PIX Site to site with dynamic peers | August 17, 2004, 1:18 am |
| PIX Site to site with dynamic peers | August 17, 2004, 1:18 am |
| PIX Site to site with dynamic peers | August 17, 2004, 1:18 am |
| VPN to dynamic address | March 9, 2008, 4:50 pm |
| Access list with dynamic address | December 24, 2007, 4:34 pm |
| ipsec when one site has dynamic ip address | April 24, 2008, 9:18 pm |
| pix multiple ipsec tunels dynamic ip address | April 1, 2005, 5:37 pm |
| Re: PIX/FWSM: allow inbound connections to dynamic NAT address? | November 15, 2007, 9:41 am |
| Dynamic Outside NAT | November 30, 2005, 4:43 pm |
| dynamic? | March 3, 2006, 2:07 am |
|
|