IPSec VPN with Dynamic Address

Unanswered Question
Oct 22nd, 2009

Hi, experts:

I need to create a site to site VPN, but there is one caveat: one end will have a dynamic external interface IP address.

BESIDES DMVPN, is there another way of working around that?

How can I get the two routers to establish an IPSec tunnel between them if one router does not know how to reach the other? How can IKE phase 1 create an SA?

Someone mentioned certificates as a solution, but I am not sure I understand how this helps.



thotsaphon Thu, 10/22/2009 - 10:11
User Badges:
  • Gold, 750 points or more


You can do it for sure. What you have to know is that the dynamic-IP side must first start sending traffic to the static-IP site. Forget about certificates for a while. Let's start by finding the "dynamic-map" keyword. You can do it on a Cisco IOS firewall or an ASA firewall. Do some more browsing on the Cisco website and you will find the way to go.

If I were you, I would check things here: http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html (grin)
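
A sketch of the "dynamic-map" approach the reply above points to, added here as an example; it is not from the thread or from Cisco's configuration examples. It assumes a recent IOS release on both routers; the addresses (203.0.113.1 for the static side, 10.1.0.0/24 and 10.2.0.0/24 for the LANs), the names TS, DYN and VPN, ACL 110, the interface names and the key placeholder are all assumptions.

```cisco
! ===== Static-IP router (responder only; it never initiates) =====
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
! The peer address is unknown in advance, so the key is bound to any address.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
! Dynamic map: no "set peer"; the peer is learned when the remote side connects.
crypto dynamic-map DYN 10
 set transform-set TS
 match address 110
! Reference the dynamic map from a normal crypto map, at a high sequence number
! so any static entries added later are evaluated first.
crypto map VPN 65000 ipsec-isakmp dynamic DYN
access-list 110 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map VPN

! ===== Dynamic-IP router (always the initiator) =====
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
! Ordinary static crypto map: this side knows where the peer is.
crypto map VPN 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address 110
! Mirror image of the ACL on the static-IP router.
access-list 110 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
interface GigabitEthernet0/0
 ip address dhcp
 crypto map VPN
```

With the wildcard key on the static-IP router, IKE phase 1 accepts any source address that presents the key, so the key is the only thing identifying the peer. Certificate authentication (`authentication rsa-sig`) identifies the peer by its certificate instead of its IP address, which is why certificates come up for this scenario.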



