VPN between peers with dynamic IP address and dynamic DNS


I have 2 Cisco 8xx routers, both with an Ethernet (internal) and an ADSL (external) interface. The IP address given to the ADSL interface is dynamic, negotiated via PPP to a dialer interface, a configuration from a typical ISP. Both external dynamic IP addresses are known with a fully qualified domain name via dynamic DNS that I set up already.

Now I would like to set up a VPN between these 2 routers to connect the 2 internal networks together: I set up the VPN using their IP addresses (crypto policy, crypto transform-set, crypto map) and it works like a charm until I reboot the router and the IP address changes. I need to solve this using the dynamic DNS names instead, but all my attempts to set up the configuration using the dynamic DNS names have failed so far ... :-(

Can you please suggest a configuration sample or a document showing how to configure the VPN using the dynamic DNS names as VPN peers?

Thank you in advance! Best regards. Diego.

Reply to
Diego Balgera

I would be very surprised if that capability exists

Suggest you open a case with the Cisco TAC

Reply to

"Merv" wrote in message news: snipped-for-privacy@q39g2000hsf.googlegroups.com...

Hi Diego,

Well, that's about the same challenge I face. If you have found a solution, or even if TAC tells you that it won't work, I would really appreciate reading about your experiences.


Reply to
Andreas Heinzelmann

this manufacturer claims to be able to support dynamic-to-dynamic DNS IPSEC tunnels


Fully Qualified Domain Name (FQDN) Feature

The SOHO RouteFinder's FQDN feature allows you to utilize a static name in the IPSec VPN setup, like "branchoffice.dyndns.org", instead of a dynamic IP address, to create static-to-dynamic or dynamic-to-dynamic VPN IPSec tunnels.

Reply to

You'd need to work some magic using kron/EEM/Tcl or similar.

For example, have a kron job fire every n minutes. Check to see if the DNS name of interest matches the peer's actual address. If not, reconfigure things.


Reply to
Aaron Leonard
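
The periodic check described in the post above, as an added example that is not part of the thread: it is written in Python for a management host's scheduler instead of on-router kron/EEM/Tcl, and it only returns the IOS lines to apply, it does not push them. The map name `VPNMAP`, the key `EXAMPLE-PSK`, the name `peer.example.net` and the addresses are constructed, and a single remote peer is assumed.

```python
import ipaddress
import re
import socket

# Constructed sample of the relevant running-config lines (documentation addresses).
SAMPLE_CONFIG = """\
crypto isakmp key EXAMPLE-PSK address 198.51.100.10
crypto map VPNMAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set TS
 match address 101
"""

def configured_peers(config):
    """Return [(map_name, seq, peer_ip)] for each 'set peer' under a crypto map entry."""
    peers, current = [], None
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line)
        if m:
            current = (m.group(1), m.group(2))
        elif current and (p := re.match(r"\s+set peer (\S+)", line)):
            peers.append((*current, p.group(1)))
        elif not line.startswith(" "):
            current = None  # left the crypto map sub-mode
    return peers

def plan_update(config, fqdn, resolve=socket.gethostbyname):
    """Return IOS config lines that repoint the tunnel at fqdn's current address, or []."""
    new = resolve(fqdn)
    addr = ipaddress.ip_address(new)  # raises ValueError on a non-address answer
    # DNS answers are unauthenticated: refuse addresses that can never be a remote peer.
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_link_local:
        raise ValueError(f"refusing implausible peer address {new} for {fqdn}")
    cmds = []
    for name, seq, old in configured_peers(config):
        if old == new:
            continue  # DNS still matches the configured peer, nothing to do
        # The pre-shared key entry is bound to the peer address and has to move with it.
        keys = re.findall(rf"^crypto isakmp key (.+) address {re.escape(old)}$", config, re.M)
        cmds += [f"crypto isakmp key {k} address {new}" for k in keys]
        cmds += [f"crypto map {name} {seq} ipsec-isakmp", f" no set peer {old}", f" set peer {new}"]
        cmds += [f"no crypto isakmp key {k} address {old}" for k in keys]
    return cmds

if __name__ == "__main__":
    # Stubbed resolver so the example runs offline; peer.example.net is a placeholder name.
    print("\n".join(plan_update(SAMPLE_CONFIG, "peer.example.net", lambda _: "203.0.113.77")))
```

The returned lines contain the pre-shared key, so treat the output like the running configuration itself when logging or storing it.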

Sorry this is not a direct answer, but you do know that there is an outage window associated with DDNS when your IP refreshes (because the DDNS service has to reregister the new IP, then this info has to propagate perhaps).

Hence if you need VPN it's worth the extra few bucks for static IP.

sorry can't help directly, I've never seen a VPN c> th with an ethernet (internal) and ADSL

Reply to
Johann Lo
