VPN to dynamic address

I need to be able to use a Cisco 877 ADSL router to form a VPN tunnel to another on the end of an ADSL connection where I can't get a fixed IP address.

That remote site is using the dynDNS service.

While the IOS config will accept a hostname instead of an IP address, when I view the config it shows as an IP address. Therefore I assume it does a one-time DNS lookup and stores the IP address in the config.

Is there a way to get a Cisco device to accept a dynDns type name as the tunnel endpoint?

Reply to
Clive Carmock

That's not possible.

Reply to
Lutz Donnerhacke

IOS will not accept a name. However, never having done it, I would read up on DMVPN. I think that this will do the job but has various trade-offs.

Reply to
Bod43

Clive Carmock wrote:

This is possible with a few restrictions by combining a wildcard preshared key with a dynamic lookup of the peer in the crypto map.

!
crypto isakmp key insert-your-psk-here address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp identity hostname
!
crypto map cmap 10 ipsec-isakmp
 set peer yourdyndnssamplehost.dyndns.org dynamic
!

The restrictions: no ipsec main mode, aggressive mode is used instead. You cannot use VTI or a routing protocol. If you have a fixed IP address on one side at least, setting up a DMVPN is much more convenient.

Reply to
Uli Link

see Cisco doc Configuring Router-to-Router Dynamic-to-Static IPSec with NAT

Reply to
Merv

Clive Carmock wrote:

You'll have to configure this as if the other end was a roving client: wildcard preshared key plus dynamic crypto map.

HTH T.

Reply to
Tilman Schmidt

In message , Uli Link writes

Thanks Uli - do you think this would work if both ends are Dynamically addressed? I assume I'd repeat this but in reverse at the other end?

Regards

Reply to
Clive Carmock

check out this new Cisco feature

Real-time Resolution for IPSec Tunnel Peer

crypto map secure_b 10 ipsec-isakmp
 match address 140
 set peer b.cisco.com dynamic

Reply to
Merv
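
Added example, not part of any post in this thread and not Cisco code: a small Python audit that scans IOS configuration text for the two constructs discussed above, a wildcard pre-shared key (`address 0.0.0.0 0.0.0.0`) and crypto map peers given by DNS name with or without the `dynamic` keyword. The sample config is constructed from the fragments posted here; the finding names and the host `static-name.example.org` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: fragments quoted in this thread, plus a hypothetical
# entry 20 (peer by name, no "dynamic") added for contrast.
SAMPLE_CONFIG = """\
crypto isakmp key insert-your-psk-here address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp identity hostname
!
crypto map cmap 10 ipsec-isakmp
 set peer yourdyndnssamplehost.dyndns.org dynamic
crypto map cmap 20 ipsec-isakmp
 set peer static-name.example.org
 match address 140
!
"""

WILDCARD_KEY = re.compile(r"^crypto isakmp key .+ address 0\.0\.0\.0(\s|$)")
MAP_ENTRY = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp")
SET_PEER = re.compile(r"^\s+set peer (\S+)( dynamic)?\s*$")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit(config):
    """Return (kind, detail) findings; the key material is never echoed."""
    findings, current_map = [], None
    for line in config.splitlines():
        if WILDCARD_KEY.match(line):
            findings.append(("wildcard-psk", "pre-shared key accepted from any address"))
        entry = MAP_ENTRY.match(line)
        if entry:
            current_map = f"{entry.group(1)} {entry.group(2)}"
            continue
        if not line.startswith(" "):  # a non-indented line closes the map entry
            current_map = None
        peer = SET_PEER.match(line)
        if peer and current_map and not is_ip(peer.group(1)):
            # With "dynamic" the name is resolved when the tunnel is set up;
            # without it the name is resolved once when the command is entered.
            kind = "dns-peer-dynamic" if peer.group(2) else "dns-peer-static"
            findings.append((kind, f"{current_map}: {peer.group(1)}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```

A `wildcard-psk` finding means any host that knows the key can authenticate, so it is worth reviewing together with the aggressive-mode restriction mentioned in the thread.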
