VPN with dynamic IP

Apr 1st, 2008

Hi there:


A quick question about configuring a VPN server on a C871. Is it possible to set up a VPN using dynamic IPs? The box does get a new IP from the ISP every 24 hours. Is a VPN possible under these circumstances? Is DYNDNS helpful?


Thank you!

lamav Tue, 04/01/2008 - 18:52

There sure is. Here is a typical GRE over IPSec config; the commands in bold are to support DHCP.


version 12.3
!
hostname Spoke1
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
 mode transport
!
crypto map vpnmap1 local-address Ethernet0
crypto map vpnmap1 10 ipsec-isakmp
 set peer 172.17.0.1
 set security-association level per-host
 set transform-set trans2
 match address 101
!
interface Tunnel0
 bandwidth 1000
 ip address 10.0.0.2 255.255.255.0
 ip mtu 1400
 ip nhrp authentication test
 ip nhrp map 10.0.0.1 172.17.0.1
 ip nhrp network-id 100000
 ip nhrp holdtime 300
 ip nhrp nhs 10.0.0.1
 delay 1000
 tunnel source Ethernet0
 tunnel destination 172.17.0.1
 tunnel key 100000
!
interface Ethernet0
 ip address dhcp hostname Spoke1
 crypto map vpnmap1
!
interface Ethernet1
 ip address 192.168.1.1 255.255.255.0
!
router eigrp 1
 network 10.0.0.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
 no auto-summary
!
access-list 101 permit gre 172.16.1.0 0.0.0.255 host 172.17.0.1


The ACL points to an entire source SUBNET, not just a GRE tunnel host address endpoint. The reason is that your ISP will probably assign an IP address from a designated subnet, which you can find out about from them.


HTH


Victor
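
The point about the ACL covering the whole source subnet can be checked offline before a lease changes. The following is an added example, not part of the original post or of any Cisco tooling: it applies IOS wildcard-mask matching to the `access-list 101` line above and reports whether GRE from a given spoke address to the hub would be selected by the crypto map. The function names and the lease addresses are constructed for illustration, and the parser handles only the `any`, `host A` and `A WILDCARD` address forms.

```python
import ipaddress

def _parse_addr_spec(tokens):
    """Consume one IOS address spec: 'any', 'host A' or 'A WILDCARD'.
    Returns ((base, wildcard) as ints, remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]

def parse_acl_entry(line):
    """Parse 'access-list N permit|deny PROTO SRC DST' (no ports or options)."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list":
        raise ValueError("not an extended ACL entry: %r" % line)
    src, rest = _parse_addr_spec(tok[4:])
    dst, _ = _parse_addr_spec(rest)
    return {"id": tok[1], "action": tok[2], "proto": tok[3],
            "src": src, "dst": dst}

def _matches(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # a 1 bit in the wildcard means "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def gre_is_protected(entry, spoke_addr, hub_addr):
    """True if GRE from spoke_addr to hub_addr matches a permit entry,
    i.e. the crypto map would select it for IPsec."""
    return (entry["action"] == "permit" and entry["proto"] == "gre"
            and _matches(entry["src"], spoke_addr)
            and _matches(entry["dst"], hub_addr))

# ACL line copied from the config in the post above
ACL_101 = "access-list 101 permit gre 172.16.1.0 0.0.0.255 host 172.17.0.1"

if __name__ == "__main__":
    entry = parse_acl_entry(ACL_101)
    # Constructed DHCP leases: two inside the ISP subnet, one outside it
    for lease in ("172.16.1.24", "172.16.1.200", "172.16.2.24"):
        ok = gre_is_protected(entry, lease, "172.17.0.1")
        print("%-14s %s" % (lease, "matched" if ok else "NOT matched"))
```

A lease outside 172.16.1.0/24 is not matched, so the source range in the ACL has to cover every address the ISP can hand out.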


heinzel0302 Wed, 04/02/2008 - 13:50

Well, first of all, I'd like to thank you for your explanation. But actually I do not get it. What I'd like to do is establish a VPN server on my C871 to access the internal network behind it. Only dial-up clients shall be able to access the VPN.


The C871 is connected through PPPoE to the ISP, who changes the IP every 24 hours. I.e. at the moment that is 87.78.149.72. As the client in the field is not aware of the current IP, how is it able to dial in?


So once again, is it possible to set up a dial-up VPN server with dynamic IPs assigned by the ISP? Or is a static IP compulsory?


Hope you can help.


Thanks...Andy

lamav Wed, 04/02/2008 - 19:32

Sorry, Andy.


I misunderstood what you were asking.


I don't have an answer to your question.
