Site-To-Site VPN - Dynamic IP Addresses

Unanswered Question
May 15th, 2008

Is it possible to set up a site-to-site IPSec tunnel in which both sites have a dynamic IP address? Each site has a DNS name associated with it.

I am looking at the preshared authentication key commands and they don't seem to support a domain name.

crypto isakmp key keystring address peer-address [mask]

crypto isakmp key keystring hostname peer-hostname

Richard Burts Thu, 05/15/2008 - 09:00

Ray

It is my understanding that in the site to site IPSec VPN one of the sites needs to have a static IP address. You can work around the pre-shared key on one side by specifying address and mask of 0.0.0.0 0.0.0.0. But I do not believe that you can do that on both sides.

HTH

Rick
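
The arrangement described in the reply above (one site with a static address, a wildcard pre-shared key on that side), written out as an added example that is not part of the original thread. All addresses, map and transform-set names, ACL numbers, interface names and the key placeholder are constructed, and completing the static side with a dynamic crypto map is an assumption about how this workaround is usually configured.

```cisco
! --- Site A: static public address (constructed: 192.0.2.1) ---
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
! Wildcard key: matches a peer arriving from any source address.
! Any device holding this key can authenticate, so use a long random value
! and do not reuse it for other tunnels.
crypto isakmp key <PRESHARED-KEY> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
! Dynamic map: no "set peer"; the peer address is learned during IKE.
crypto dynamic-map DYN-SITEB 10
 set transform-set TS-AES
 match address 110
crypto map VPN 10 ipsec-isakmp dynamic DYN-SITEB
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
!
! --- Site B: dynamic public address ---
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
! Key is bound to Site A's static address only.
crypto isakmp key <PRESHARED-KEY> address 192.0.2.1
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-AES
 match address 110
access-list 110 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
interface FastEthernet0/0
 ip address dhcp
 crypto map VPN
```

With this layout the tunnel can only be initiated from Site B, because Site A has no peer address to contact until Site B connects.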

rstiegler Thu, 05/15/2008 - 09:03

Can you define a hostname in the configuration file which will use the domain name instead of an IP address? Then you could use the hostname when referring to the site's IP address. Is this possible?

Richard Burts Thu, 05/15/2008 - 09:16

Ray

While I know that some commands in IOS will accept a host name as input instead of an address I am not clear whether the IPSec commands do. And even if they do I believe that it will not accomplish what you need.

It is my understanding that the commands that do accept a hostname as input will resolve the name to an address when the router boots and after that will use the resolved address. So when the router boots it might resolve the address of a peer. But if the peer address then dynamically changed the router would not adjust its peer address.

HTH

Rick

rstiegler Fri, 05/30/2008 - 10:49

"It is my understanding that the commands that do accept a hostname as input will resolve the name to an address when the router boots and after that will use the resolved address."

Is this an IOS feature? Would this be true for all Cisco routers?

Richard Burts Fri, 05/30/2008 - 11:26

Ray

As far as I know it is an IOS feature and would be true of all Cisco IOS routers.

HTH

Rick
