Can the peer address of a router for a VPN be a DNS name?

Oct 5th, 2007

On a Cisco router (877, 1841) in VPN mode, can a DNS name be used instead of an IP for the peer address? It just means that if we change the IP they connect to, I won't have to edit every single router.


Danilo Dy Fri, 10/05/2007 - 06:00


The commands have options only for IP address and hostname:


crypto isakmp key string [address|hostname]


crypto map map-name isakmp authorization list list-name

set peer [address|hostname]

How often do you change the router IP address? Unless you keep restructuring your network or keep changing ISP, you will keep on changing IP Address.

If FQDN is allowed, there are some issues:

- An attacker (with prior knowledge of your VPN setup) can change the 'A' record in the DNS to point to their IP address.

- The router should not lose connection to a DNS to prevent disconnection of VPN peer.
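
An added example, not part of the original thread: a small monitoring check for the two issues listed above, comparing what the peer hostname resolves to against a pinned set of expected addresses and reporting lookup failures separately. The hostname and addresses are constructed sample values, and `check_peer` and `system_resolver` are hypothetical helper names.

```python
import ipaddress
import socket

# Constructed sample values (documentation address ranges), not from the thread.
PEER_HOSTNAME = "vpn-hub.example.net"
PINNED_ADDRESSES = {"192.0.2.10", "192.0.2.11"}


def system_resolver(hostname):
    """Resolve IPv4 (A record) addresses using the operating system resolver."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET)
    return {info[4][0] for info in infos}


def check_peer(hostname, pinned, resolver=system_resolver):
    """Return (status, detail) for one VPN peer hostname.

    ok           - every resolved address is in the pinned set
    mismatch     - an address outside the pinned set was returned; this is
                   either an unannounced change or a tampered A record
    unresolvable - the lookup failed or was empty, so a router that relies
                   on the name could not re-resolve its peer
    """
    pinned = {ipaddress.ip_address(a) for a in pinned}
    try:
        resolved = {ipaddress.ip_address(a) for a in resolver(hostname)}
    except (OSError, ValueError) as exc:  # socket.gaierror is an OSError
        return "unresolvable", str(exc)
    if not resolved:
        return "unresolvable", "empty answer"
    unexpected = sorted(str(a) for a in resolved - pinned)
    if unexpected:
        return "mismatch", "unexpected address(es): " + ", ".join(unexpected)
    return "ok", ", ".join(sorted(str(a) for a in resolved))


if __name__ == "__main__":
    status, detail = check_peer(PEER_HOSTNAME, PINNED_ADDRESSES)
    print(f"{PEER_HOSTNAME}: {status} ({detail})")
```

Run on a schedule from a host that uses the same DNS servers as the routers, a `mismatch` result is the signal to confirm the address change out of band before trusting the tunnel.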



