Cisco Systems VPN between peers with dynamic IP address and dynamic DNS

Posted by Diego Balgera on February 4, 2008, 12:28 pm
Hi,

I have 2 Cisco 8xx routers, both with an ethernet (internal) and ADSL
(external) interfaces. The IP address given to the ADSL interface is
dynamic, negotiated via PPP to a dialer interface, a configuration from a
typical ISP.
Both external dynamic IP addresses are known with a fully qualified domain
name via dynamic DNS that I set up already.

Now I would like to set up a VPN between these 2 routers to connect the 2
internal networks together: I set up the VPN using their IP addresses
(crypto policy, crypto transform-set, crypto map) and it works like a charm
until I reboot the router and the IP address changes. I need to solve
this using the dynamic DNS names instead, but all my attempts to set up the
configuration using the dynamic DNS names failed so far ... :-(

Can you please suggest a configuration sample or a document showing how to
configure the VPN using the dynamic DNS names as VPN peers?

Thank you in advance!
Best regards.
Diego.



Posted by Merv on February 4, 2008, 2:12 pm


I would be very surprised if that capability exists.

Suggest you open a case with the Cisco TAC.



Posted by Andreas Heinzelmann on February 5, 2008, 5:43 am


Hi Diego,

Well, that's about the same challenge I face. If you have found a solution or
even if TAC tells you that it won't work I would really appreciate it to
read about your experiences.

Thanks...Andy



Posted by Merv on February 5, 2008, 10:32 am
This manufacturer claims to be able to support dynamic-to-dynamic DNS
IPSEC tunnels:


http://www.multitech.com/DOCUMENTS/Collateral/data_sheets/498.asp


Fully Qualified Domain Name (FQDN) Feature The SOHO RouteFinder's FQDN
feature allows you to utilize a static name in the IPSec VPN setup,
like "branchoffice.dyndns.org", instead of a dynamic IP address, to
create static-to-dynamic or dynamic-to-dynamic VPN IPSec tunnels.


Posted by Aaron Leonard on February 5, 2008, 12:56 pm
You'd need to work some magic using kron/EEM/Tcl or similar.

For example, have a kron job fire every n minutes.  Check to see if
the DNS name of interest matches the peer's actual address.  If not,
reconfigure things.

Aaron

----

~ >
~ >> Can you please suggest a configuration sample or a document showing how
~ >> to
~ >> configure the VPN using the dynamic DNS names as VPN peers?
~ Hi Diego,
~
~ Well, that's about the same challenge I face. If you have found a solution or
~ even if TAC tells you that it won't work I would really appreciate it to
~ read about your experiences.
~
~ Thanks...Andy
~
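
The periodic check Aaron describes, sketched as an added example in Python rather than kron/EEM/Tcl (it is not code from the thread or from Cisco): it compares the address the dynamic DNS name resolves to with the peer configured in the crypto map and returns the IOS lines to apply when they differ. The map name `VPNMAP`, sequence 10, the key, the FQDN and the addresses are constructed, and pushing the lines to the router is left out.

```python
import ipaddress
import re
import socket

# Constructed sample of the relevant running-config lines (not from the thread).
SAMPLE_CONFIG = """\
crypto isakmp key EXAMPLE-PSK address 198.51.100.7
crypto map VPNMAP 10 ipsec-isakmp
 set peer 198.51.100.7
 set transform-set TS
 match address 101
"""

def current_peer(config, map_name, seq):
    """Return the peer address configured under one crypto map entry, or None."""
    in_entry = False
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens or closes the entry
            in_entry = line.split() == ["crypto", "map", map_name, str(seq), "ipsec-isakmp"]
        elif in_entry:
            m = re.fullmatch(r"\s+set peer (\S+)", line)
            if m:
                return m.group(1)
    return None

def resolve_peer(fqdn, resolver=socket.gethostbyname):
    """Resolve the dynamic DNS name; reject answers that cannot be a remote peer."""
    addr = ipaddress.IPv4Address(resolver(fqdn))  # raises ValueError on garbage
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_link_local:
        raise ValueError(f"refusing answer {addr} for {fqdn}")
    return str(addr)

def peer_update(config, map_name, seq, fqdn, psk, resolver=socket.gethostbyname):
    """Return the IOS config lines to apply, or [] when DNS and config agree."""
    old = current_peer(config, map_name, seq)
    new = resolve_peer(fqdn, resolver)
    if old == new:
        return []
    cmds = []
    if old:
        cmds.append(f"no crypto isakmp key {psk} address {old}")
    cmds += [f"crypto isakmp key {psk} address {new}", f"crypto map {map_name} {seq} ipsec-isakmp"]
    if old:
        cmds.append(f" no set peer {old}")
    cmds.append(f" set peer {new}")
    return cmds
```

The new peer address comes from an unauthenticated DNS answer, so the pre-shared key remains what authenticates the tunnel; log every change the job applies.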

