2801 - 1700 IPSEC VPN ISSUES

Answered Question
Sep 12th, 2008
User Badges:

Current set up is Static to Static,

due to ISP changes we are loosing the static on the 1700. If I setup dynamic DNS behind the 1700 could I use a FQDN in the crypo isakmp policy?

i.e.) crypto isakmp key <thekey> address <the FQDN>

and then in the map do

crypto map <name> <#> ipsec-isakmp

set peer <the FQDN>

set transform-set <transform>


the 1700 is an ISDN connection

alternative is going T1 at X2 the cost and buying a WIC, and a plane ticket....


Correct Answer by Farrukh Haroon about 8 years 8 months ago

Yes you can, you can use different sequence numbers for the two crypto maps. Place the static one first and then the dynamic one.


Regards


Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
peterbertels Sun, 09/14/2008 - 19:38
User Badges:

ok but i have current static to static ipsec tunnels... and need to change just one tunnel to use dynamic...

the HQ router is a 2801

will it allow both static and one dynamic crypto maps ?? on the same router ?

pb

Correct Answer
Farrukh Haroon Sun, 09/14/2008 - 23:45
User Badges:
  • Red, 2250 points or more

Yes you can, you can use different sequence numbers for the two crypto maps. Place the static one first and then the dynamic one.


Regards


Farrukh

peterbertels Mon, 09/15/2008 - 08:11
User Badges:

Thankyou..

I have have GRE running inside IPSEC...

I added a dynamic-map and then added the crypto map dynamic


then removed the static for that link.. and reloaded the remote router... it still has its old IP address but it did connect... my only concern is that when the IP changes there will be routing issues.


Thank you for your help. It was very helpful to me with a very short time frame.

pb

Farrukh Haroon Mon, 09/15/2008 - 08:35
User Badges:
  • Red, 2250 points or more

No if everything is setup correctly, there shall be no routing issues.


Regards


Farrukh

Actions

This Discussion