I'm using two C1812 with Software (C181X-ADVIPSERVICESK9-M), Version
12.4(6)T9, RELEASE SOFTWARE (fc2). I want to establish site-to-site VPN between 2 sites. At each site there is dynamic IP address with ADSL. Each site has its own dyndns name. What is required in my configuration that I could establish IPSec site-to-site VPN over dyndns names? Some special commands? ThanksSS schrieb:
It is not supported, but it works.
the trick is to authenticate by the external fqdn instead of the unkown IP addresses and initiate aggressive mode with wildcard preshared keys.
Haven't figured out with VTIs until now, only the old crypto map way.
I did it like this? What do you mean with fqdn?
ip name-server 195.29.150.3 ip name-server 195.29.150.4 ip ddns update method DYNDNS HTTP add http://xxxxxx: snipped-for-privacy@members.dyndns.org/nic/updatesystem=dyndns&hostname=&myip= interval maximum 0 0 1 0 ! ! interface Dialer0 ip ddns update hostname xxxxxx.dnsalias.net ip ddns update DYNDNS ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication pap callin ppp pap sent-username xxxx@htnet-dsl password 7 wwwww crypto map VK-VU ! ! crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 crypto isakmp key 6 map-kex address 0.0.0.0 0.0.0.0 no-xauth ! ! crypto ipsec transform-set T1 ah-md5-hmac esp-aes crypto ipsec transform-set T2 esp-aes esp-sha-hmac crypto ipsec transform-set T3 ah-md5-hmac esp-aes crypto ipsec transform-set T4 ah-md5-hmac esp-3des crypto ipsec transform-set T5 ah-md5-hmac esp-des ! ! crypto map VK-VU 10 ipsec-isakmp set peer xxxxx.dnsalias.net dynamic set transform-set T2 match address INT_TRAFFIC !
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.