Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco 2821 IPSec, can i use a dyndns name as 'set peer'? Dynamic IP IPSec?

Unanswered Question
Mar 13th, 2006
User Badges:


I've got a Linksys Rv042 at a remote site, connected to a standard DSL service (dynamic public IP address) and I've got that RV042 setup to do Dynamic DNS and to also do an IPSec VPN back to my main office which is running an 2821 on a static public ip address. I've got the vpn setup and working between these two devices, but whenever the IP address at the remote site (RV042) changes, the VPN has to be reconfigured on the 2821 (really just the 'set peer' field in the crypto map)....is there anyway to have the 2821 use the dynamic dns name rather than the ip address? I've tried the 'set peer name' in the crypto map, but it does a dns lookup immediately and then populates set peer with the current ip, and then never looks up that name again. Is there any way to do this? Thanks.

Jason Humes

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
froggy3132000 Mon, 03/13/2006 - 16:55
User Badges:
  • Bronze, 100 points or more

No, you have to do somehting like this:

crypto isakmp key cisco123 address

schlemmer Fri, 03/24/2006 - 02:40
User Badges:


you have to configure the "dynamic" keyword in the crypto map after the dns-name of the remote peer.


set peer myname.dyndns.org dynamic


we have currently a problem with the dyndns updates and the cryptop map. Maybe it is a problem, because we have Dynamic Ip Addresses on both sides. But give the example above a try, i don't know if it works finde when one site is static ip addressed.

froggy3132000 Fri, 03/24/2006 - 06:05
User Badges:
  • Bronze, 100 points or more

I am running 12.3, I believe this command is only available in 12.4 I could be wrong though.


This Discussion