Dynamic IP broke my VPN

patman2000 · ‎02-11-2010

I'm not a network guru, just a guy with a question I'm hoping one of you can answer for me.

I've had a working VPN set up a few years ago that has been working fine. Our ISP has recently changed us from a static IP to a dynamic IP.

Just prior to the change, I setup a dynDNS account to point my client software to the proper IP address. That seemed to work fine. It pointed my client software to the static IP.

Once they switched us to dynamic and the IP changed, I can no longer connect. (Client timed out msg).

The tech from the ISP looked at our setup but is not an expert with the PIX 501 and is thinking that it may not support dynamic IP.

He did find where the PIX explicitely configured the static address, but wasn't able to figure out if or how it could be made to work with a dynamic IP.

My question is, will my hardware support the dynamic dns? If so, and since everything was working great for years, is there a fairly simple change that I can make to get it working again?

My hardware is:

PIX Firewall 501 SN: 888 0835 2692

Cisco PIX Firewall Version 6.3(3)

Cisco PIX Device Manager Version 3.0(1)

CISCO Router 827/827-4V SN: JMX0619F143

Thanks,

Patrick

paolo bevilacqua · ‎02-12-2010

I don't think it does. You may need a SW upgrade, for which in turn you need to pay for a support contract.

jyoung · ‎02-12-2010

Is it a client VPN running on the PIX? You will not be able to use the dyndns name in the PIX because it will not query for the address of the record. You should, however be able to configure dhcp on the WAN port of the PIX and be able to adjust the ACLs to allow the VPN traffic with any source and any (or a narrowed range of the DHCP scope) destination to connect to the client VPN.