2801 - 1700 IPSEC VPN ISSUES

Answered Question
Sep 12th, 2008

Current set up is Static to Static,

due to ISP changes we are loosing the static on the 1700. If I setup dynamic DNS behind the 1700 could I use a FQDN in the crypo isakmp policy?

i.e.) crypto isakmp key <thekey> address <the FQDN>

and then in the map do

crypto map <name> <#> ipsec-isakmp

set peer <the FQDN>

set transform-set <transform>

the 1700 is an ISDN connection

alternative is going T1 at X2 the cost and buying a WIC, and a plane ticket....

I have this problem too.
0 votes
Correct Answer by Farrukh Haroon about 8 years 4 months ago

Yes you can, you can use different sequence numbers for the two crypto maps. Place the static one first and then the dynamic one.

Regards

Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
peterbertels Sun, 09/14/2008 - 19:38

ok but i have current static to static ipsec tunnels... and need to change just one tunnel to use dynamic...

the HQ router is a 2801

will it allow both static and one dynamic crypto maps ?? on the same router ?

pb

Correct Answer
Farrukh Haroon Sun, 09/14/2008 - 23:45

Yes you can, you can use different sequence numbers for the two crypto maps. Place the static one first and then the dynamic one.

Regards

Farrukh

peterbertels Mon, 09/15/2008 - 08:11

Thankyou..

I have have GRE running inside IPSEC...

I added a dynamic-map and then added the crypto map dynamic

then removed the static for that link.. and reloaded the remote router... it still has its old IP address but it did connect... my only concern is that when the IP changes there will be routing issues.

Thank you for your help. It was very helpful to me with a very short time frame.

pb

Farrukh Haroon Mon, 09/15/2008 - 08:35

No if everything is setup correctly, there shall be no routing issues.

Regards

Farrukh

Actions

This Discussion