IPSec VPN with Dynamic Address

Unanswered Question
Oct 22nd, 2009
User Badges:

Hi, experts:


I need to create a site to site VPN, but there is one caveat: one end will have a dynamic external interface IP address.


BESIDES DMVPN, is there another way of working around that?


How can I get the two routers to establish an IPSec tunnel betwen them if one router does not know how to reach the other? How can IKE phase 1 create an SA?


Someone mentioned certificates as a solution, but I am not sure I understand how this helps.


Anyone?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
thotsaphon Thu, 10/22/2009 - 10:11
User Badges:
  • Gold, 750 points or more

Joe,

You can do it for sure. What you have to know is that the dynamic-ip side must firstly start sending traffic to the static-ip site. Forgetting about certificates for a while. Let's start finding the "dynamic-map" keyword. You can do it on Cisco IOS firewall or ASA firewall. Let's do some more browsing on Cisco website you will find the way to go.


If I were you,I will check things here : http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html (grin)



HTH,

Toshi


Actions

This Discussion