Site to Site VPN w/DHCP

Friends, I have an interesting task assigned to me that I don't think is possible but I figured I'd throw it out there at least.

Two sites, one site in USA one in China. USA site has a static address, China site will have a DHCP from the provider. China office needs to telnet to USA server to do whatever they do. I need a site to site VPN from one site to the other so this is all secured as best as possible. Obviously if the provider in China assigns a fresh DHCP address, the VPN tunnel will be broken. Is there a way to make this work? Static to DHCP site to site VPN using Cisco PIX equipment. I don't think there is a way but if there is let me know. Cisco seems to say only static addresses.

"The public IP addresses are specified in the IPsec peers configuration, and require that the public addresses of the VPN routers to be static addresses."

Thanks, Adam

amattina

With the Cisco PIX (and ASA, I believe), the device cannot initiate a VPN connection to another device that has a dynamic address, but a device that has a dynamic address *can* initiate a VPN connection to a device that has a static address.

You indicate that the site in China will telnet to the USA server, which would seem to imply that having the China site initiate the connection would be fine under the circumstances.

What you need to do to make the situation work, is to configure the site with the variable address normally (normal crypto map, normal 'set peer'), but configure the site with the static address differently. The site with the static address should be configured with a crypto dynamic map.

Walter Roberson
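
The arrangement described in the reply above, as an added example that is not part of the original thread: a sketch in PIX OS 6.3 syntax (an assumption; the thread does not name a software version), with the dynamic map on the static-address site and an ordinary crypto map on the DHCP site. All addresses, ACL names, map names and the key placeholder are constructed for illustration.

```cisco
! Lines starting with "!" are annotations, not commands.
! Constructed values: USA outside IP 203.0.113.10,
! USA LAN 10.1.0.0/24, China LAN 10.2.0.0/24.

! ===== USA PIX (static address): accepts tunnels via a dynamic map =====
access-list to-china permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list to-china
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
! No "set peer": the remote address is not known in advance.
crypto dynamic-map DYN-CHINA 10 match address to-china
crypto dynamic-map DYN-CHINA 10 set transform-set ESP-AES-SHA
! Dynamic entries go at a high sequence number, after any static peers.
crypto map OUTSIDE-MAP 65000 ipsec-isakmp dynamic DYN-CHINA
crypto map OUTSIDE-MAP interface outside
isakmp enable outside
! Wildcard key: the peer cannot be matched by address.
isakmp key <PRESHARED-KEY> address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! ===== China PIX (DHCP address): normal crypto map, normal "set peer" =====
access-list to-usa permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
nat (inside) 0 access-list to-usa
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 ipsec-isakmp
crypto map OUTSIDE-MAP 10 match address to-usa
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP interface outside
isakmp enable outside
isakmp key <PRESHARED-KEY> address 203.0.113.10 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

Because the static side cannot pin the peer's address, its pre-shared key is accepted from any source address, so the strength of that key and the `match address` restriction on the dynamic map carry the access control. The tunnel only comes up when traffic from the China LAN triggers it, which fits the telnet-from-China use case in the thread.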

Walter, Thanks. I was on the phone with Tech Data and Cisco as I was posting and then came across the answer:

I'll see how it goes.

Have a great day!

- Adam

amattina
