05-15-2008 08:35 AM - edited 03-03-2019 09:58 PM
Is it possible to set up a site-to-site IPSec tunnel in which both sites have a dynamic IP address? Each site has a DNS name associated with it.
I am looking at the preshared authentication key commands and they don't seem to support a domain name.
crypto isakmp key keystring address peer-address [mask]
crypto isakmp key keystring hostname peer-hostname
05-15-2008 09:00 AM
Ray
It is my understanding that in the site to site IPSec VPN one of the sites needs to have a static IP address. You can work around the pre-shared key on one side by specifying address and mask of 0.0.0.0 0.0.0.0. But I do not believe that you can do that on both sides.
HTH
Rick
05-15-2008 09:03 AM
Can you define a hostname in the configuration file which will use the domain name instead of an IP address? Then you could use the hostname when referring to the site's IP address. Is this possible?
05-15-2008 09:16 AM
Ray
While I know that some commands in IOS will accept a host name as input instead of an address I am not clear whether the IPSec commands do. And even if they do I believe that it will not accomplish what you need.
It is my understanding that the commands that do accept a hostname as input will resolve the name to an address when the router boots and after that will use the resolved address. So when the router boots it might resolve the address of a peer. But if the peer address then dynamically changed the router would not adjust its peer address.
HTH
Rick
05-15-2008 09:19 AM
Thanks for your response!
05-30-2008 10:49 AM
"It is my understanding that the commands that do accept a hostname as input will resolve the name to an address when the router boots and after that will use the resolved address."
Is this an IOS feature? Would this be true for all Cisco routers?
05-30-2008 11:26 AM
Ray
As far as I know it is an IOS feature and would be true of all Cisco IOS routers.
HTH
Rick