Can the peer address of a router for a VPN be a DNS name?

Unanswered Question
Oct 5th, 2007

On a Cisco router (877, 1841) in VPN mode, can a DNS name be used instead of an IP for the peer address? That way, if we change the IP they connect to, I won't have to edit every single router.

Thanks

Danilo Dy Fri, 10/05/2007 - 06:00

Hi,

The commands have options only for IP address and hostname:

!
crypto isakmp key string [address|hostname]
!
crypto map map-name isakmp authorization list list-name
 set peer [address|hostname]
!

How often do you change the router's IP address? Unless you keep restructuring your network or keep changing ISPs, you will keep on changing the IP address.

If FQDN is allowed, there are some issues:

- An attacker (with prior knowledge of your VPN setup) can change the 'A' record in the DNS to point to their IP address.

- The router should not lose its connection to the DNS server, to prevent disconnection of the VPN peer.

Regards,

Dandy
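The two caveats in the reply above (a hijacked 'A' record, and a peer that disappears when DNS is unreachable) are easy to monitor for if you do go the hostname route. The following is an added example written for this page, not code from the thread or from Cisco: it pulls the `set peer` entries out of an IOS config, and for each peer given as a hostname resolves it and compares the answer to a pinned list of addresses the operator expects. The config, hostnames, addresses and the `PINNED` table are all constructed for the example; the resolver is injectable so the check runs offline and so the live system resolver can be swapped in on a real box.

```python
"""Audit crypto-map peers in a Cisco IOS config against pinned addresses.

Added example, not from the original thread. Peers written as IP addresses
are reported as static; peers written as hostnames are resolved and classed
as ok / changed / unresolvable / unpinned, which covers the two failure modes
the reply warns about (DNS record hijack, DNS outage).
"""
import ipaddress
import re
import socket
from typing import Callable, Dict, List, Set

# Constructed sample config for the example; names and addresses are made up.
SAMPLE_CONFIG = """\
crypto isakmp key s3cret address 203.0.113.10
crypto isakmp key s3cret hostname vpn-hub.example.net
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS
 match address 101
crypto map VPNMAP 20 ipsec-isakmp
 set peer vpn-hub.example.net
 set transform-set TS
 match address 102
"""

# Operator-maintained pin list (hypothetical data): hostname -> addresses the
# A record is allowed to hold. Anything else is treated as a possible hijack.
PINNED: Dict[str, Set[str]] = {"vpn-hub.example.net": {"203.0.113.10", "203.0.113.11"}}

_SET_PEER = re.compile(r"^\s*set peer\s+(\S+)", re.MULTILINE)

Resolver = Callable[[str], List[str]]


def extract_peers(config: str) -> List[str]:
    """Return every `set peer <target>` target in config order."""
    return _SET_PEER.findall(config)


def is_ip(peer: str) -> bool:
    """True if the peer is written as a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(peer)
        return True
    except ValueError:
        return False


def system_resolver(name: str) -> List[str]:
    """Live lookup via the OS resolver; raises OSError (gaierror) on failure."""
    return socket.gethostbyname_ex(name)[2]


def audit_peer(peer: str, pinned: Dict[str, Set[str]],
               resolver: Resolver = system_resolver) -> Dict[str, object]:
    """Classify one peer. Never raises: a failed lookup is a finding, not a crash."""
    if is_ip(peer):
        return {"peer": peer, "status": "static"}
    try:
        addrs = set(resolver(peer))
    except OSError as exc:  # DNS unreachable or NXDOMAIN: tunnel would drop
        return {"peer": peer, "status": "unresolvable", "error": str(exc)}
    allowed = pinned.get(peer)
    if allowed is None:
        return {"peer": peer, "status": "unpinned", "resolved": sorted(addrs)}
    if addrs <= allowed:
        return {"peer": peer, "status": "ok", "resolved": sorted(addrs)}
    # At least one address is outside the pin list: treat as a hijacked record.
    return {"peer": peer, "status": "changed",
            "resolved": sorted(addrs), "unexpected": sorted(addrs - allowed)}


def audit_config(config: str, pinned: Dict[str, Set[str]],
                 resolver: Resolver = system_resolver) -> List[Dict[str, object]]:
    """Audit every peer in the config; returns one finding per `set peer` line."""
    return [audit_peer(p, pinned, resolver) for p in extract_peers(config)]


if __name__ == "__main__":
    # Offline demo with a constructed resolver that returns a pinned address.
    for finding in audit_config(SAMPLE_CONFIG, PINNED, lambda n: ["203.0.113.11"]):
        print(finding)
```

Run this from a monitoring host on a schedule and alert on any status other than `static` or `ok`; a `changed` finding is the 'A' record problem from the reply, and `unresolvable` is the DNS-outage problem. Keeping the pin list in the monitor rather than in each router is what lets you keep the OP's one-place-to-change convenience without trusting DNS blindly.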
