Cisco Support Community
Community Member

Dynamic DNS

Hi Guys,

We have a business partner which uses a NetGear box and ADSL. They use DDNS to establish VPN connections with their own partners, which also (presumably) use NetGear boxes that support DDNS.

I have been searching for ways to support this on PIX 7.0, but cannot find the answer. Is there a way to do this with PIX?

Also, just another question regarding crypto maps. If you have the following configured on the same box:

access-list 100 permit ip

which is used by a crypto map and

ip route s0

which points a host in that network out an entirely different interface, what will the result be once the tunnel is formed? Would the map or route get preference?




Re: Dynamic DNS

Hi ... In regards to the DDNS question .. I don't think the PIX can do that as it would have to refer to a FQDN as the peer for a VPN tunnel which is not supported. As long as I am aware you can only refer to an IP address or hostname ( previously defined with the name command on the PIX ).

The second question:

The access-list defines the traffic that will be encrypted when it traverses the interface to which the crypto map has been applied to. If the traffic does not traverse the interface to which the map has been aplied then that traffic will not be encrypted.

Does this answer your question ..? If you want to exempt traffic for this host from encryption then I suggest you to exclude that from the access-list using the deny option.

I hope it helps ... please rate if it does.

Community Member

Re: Dynamic DNS

Hi Fernando,

My initial thought was that the 'hostname' parameter of an ACL could be a FQDN, but found out that it is only hosts defined with 'name'. I guess we will have to come up with another idea or wait and see if it is going to be implemented some time.

Doesn't the crypto maps also (help to) determine where the traffic must be sent (which will be the peer)? I guess my question is if this conflics with a route in the routing table, which one takes preference?



CreatePlease to create content