Hi I need to make a static vpn tunnel between two places but in one localization is only with dynamic ip on one side of tunnel is pix on other linksys BEFSX41 with dynDNS and TZO.com support. when the ip is static then is no problem, but with dynamic ip's is different situation. some one maybe have a idea how to solve this situation. thx
Pay some bugs for a static IP.
that i know, but it's impossible
Then you do not need the VPN.
be so kind and if you don't have nothing to say just be quiet
Do a google for "pix static to dynamic vpn" 1000's of hits. Heres one from Cisco, using NAT, you can simply ignore the NAT stuff tho for your config.
If you need both sides to be able to bring up the tunnel, and if it is the linksys that has the dynamic IP, then you will not be able to do what you want in PIX 5, or 6 for sure (and I don't think you can do it in PIX 7, but I could be wrong about that.)
You could have an internal computer on the PIX side look up the IP address and then have it log in to the PIX and reprogram the PIX. But if the dynamic IP address of the linksys changed while the tunnel was up, then you would need some way for that internal computer to notice the change and go back in and reprogram the PIX again. In PIX 5 and 6, this reprogramming can NOT be done via SNMP; PIX 7 has more SNMP capabilities, but I don't -think- it could be done via SNMP on PIX 7 either.
So if we *know* that what you want to do cannot be done using the equipment you have specified, then you'd prefer that we just say nothing and leave you searching for a solution that does not exist?
The person you were replying to -was- being helpful, by pointing out the relative priorities of the situation. Unless you use the reprogramming approach I described in my earlier posting (which would require equipment and software tools beyond those you listed as being available), you cannot do what you asked to do, and the best available fix is to get a static IP on both ends.
If the two-way link is of sufficient importance to you, you must find a way to overcome the "impossible" dynamic IP situation, even if that means paying thousands of dollars to have an ISP install a fibre connection. If the link isn't worth that much trouble or expense, then you must either do without having both ends able to initiate the link, or else you must change the PIX for some either kind of firewall that will cooperate with DynDNS.
You are right: PIX 7 needs static IPs, too.
You are right: PIX 7 can't be reprogrammed using SNMP.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.