Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
496
Views
5
Helpful
6
Replies

Site-To-Site VPN - Dynamic IP Addresses

rstiegler
Level 1
Level 1

‎05-15-2008 08:35 AM - edited ‎03-03-2019 09:58 PM

Is it possible to set up a site-to-site IPSec tunnel in which both sites have a dynamic IP address. Each site has a DNS name associated with it.

I am looking at the preshared authentication key commands and they don't seem to support a domain name.

crypto isakmp key keystring address peer-address [mask]

crypto isakmp key keystring hostname peer-hostname

Labels:
0 Helpful
6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

‎05-15-2008 09:00 AM

Ray

It is my understanding that in the site to site IPSec VPN one of the sites needs to have a static IP address. You can work around the pre-shared key on one side by specifying address and mask of 0.0.0.0 0.0.0.0. But I do not believe that you can do that on both sides.

HTH

Rick

HTH

Rick

rstiegler
Level 1
Level 1
In response to Richard Burts

‎05-15-2008 09:03 AM

Can you define a hostname in the configuration file which will use the domain name instead of a IP address? Then you could use the hostname when referring the sites IP address. Is this possible?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to rstiegler

‎05-15-2008 09:16 AM

Ray

While I know that some commands in IOS will accept a host name as input instead of an address I am not clear whether the IPSec commands do. And even if they do I believe that it will not accomplish what you need.

It is my understanding that the commands that do accept a hostname as input will resolve the name to an address when the router boots and after that will use the resolved address. So when the router boots it might resolve the address of a peer. But if the peer address then dynamically changed the router would not adjust its peer address.

HTH

Rick

HTH

Rick
0 Helpful

rstiegler
Level 1
Level 1
In response to Richard Burts

‎05-15-2008 09:19 AM

Thanks for your reponse!

0 Helpful

rstiegler
Level 1
Level 1
In response to Richard Burts

‎05-30-2008 10:49 AM

"It is my understanding that the commands that do accept a hostname as input will resolve the name to an address when the router boots and after that will use the resolved address."

Is this an IOS feature? Would this be true for all of Cisco routers?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to rstiegler

‎05-30-2008 11:26 AM

Ray

As far as I know it is an IOS feature and would be true of all Cisco IOS routers.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card