Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
233
Views
0
Helpful
1
Replies

IPSec VPN with Dynamic Address

visitor68
Level 4
Level 4

‎10-22-2009 10:00 AM - edited ‎03-06-2019 08:15 AM

Hi, experts:

I need to create a site to site VPN, but there is one caveat: one end will have a dynamic external interface IP address.

BESIDES DMVPN, is there another way of working around that?

How can I get the two routers to establish an IPSec tunnel betwen them if one router does not know how to reach the other? How can IKE phase 1 create an SA?

Someone mentioned certificates as a solution, but I am not sure I understand how this helps.

Anyone?

Thanks

Labels:
0 Helpful
1 Reply 1

Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎10-22-2009 10:11 AM

Joe,

You can do it for sure. What you have to know is that the dynamic-ip side must firstly start sending traffic to the static-ip site. Forgetting about certificates for a while. Let's start finding the "dynamic-map" keyword. You can do it on Cisco IOS firewall or ASA firewall. Let's do some more browsing on Cisco website you will find the way to go.

If I were you,I will check things here : http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html (grin)

HTH,

Toshi

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card