Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
304
Views
0
Helpful
1
Replies

Can the peer address of a router for a VPN be a DNS name?

whiteford
Level 1
Level 1

‎10-05-2007 01:30 AM - edited ‎03-03-2019 07:02 PM

On a Cisco router (877,1841) in VPN mode can a DNS name be used instead of an IP for the peer address, just means if we change our IP they connect to it will mean I don't have to edit every single router?

Thansk

Labels:
0 Helpful
1 Reply 1

Danilo Dy
VIP Alumni
VIP Alumni

‎10-05-2007 06:00 AM

Hi,

The commands has options only for IP Address and Hostname

!

crypto isakmp key string [address|hostname]

!

crypto map map-name isakmp authorization list list-name

set peer [address|hostname]

How often you change the router IP Address? Unless you keep restructuring your network or keep changing ISP, you will keep on changing IP Address.

If FQDN is allowed, there are some issues;

- An attacker (with prior knowledge of your VNP setup) can change the 'A' record in the DNS to point to their IP Address.

- The router should not lose connection to a DNS to prevent disconnection of VPN peer.

Regards,

Dandy

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card