Cisco Support Community

New Member

Router to PIX VPN when router has dynamic WAN address?

Is it possible to set up a router to PIX VPN when the router is obtaining a dynamic WAN interface address (in this case ISDN dial-up)?

If so, has anyone done this? How do you define the peer when you don't know the peer address? Is it possible to allow any host to create a tunnel provided that the pre-shared key is known?

3 REPLIES
New Member

Re: Router to PIX VPN when router has dynamic WAN address?

I didn't do it with a PIX and a router, but I did it with 2 routers. All you have to do is define the router in the PIX configuration as a remote access device using the wildcard 0.0.0.0, i.e. (crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0)

The answer to the second question is yes, it is possible.

New Member

Re: Router to PIX VPN when router has dynamic WAN address?

You say yes, it's possible, but can it be bi-directional? Wouldn't it only work if the PIX with the dynamic address initiated the tunnel?

New Member

Re: Router to PIX VPN when router has dynamic WAN address?

It is not bi-directional if you mean that anyone can start the VPN.

Only the device with the dynamic IP address can initiate the VPN, because the other one has no knowledge of the peer IP address to which to start the VPN. If you need to start the tunnel from any point, what you can do is put permanent data on the VPN (keepalives, routing updates, etc.) once you establish the tunnel for the first time. This way you will force the tunnel to be always up, and if the ISP changes your IP address this permanent data should bring up the tunnel again. Hope this helps.
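
A wildcard key such as the one quoted in the first reply is accepted from any source address that presents it, so it helps to know where such statements exist in a configuration. The following is an added example, not part of the original thread: a Python check that reports the address scope of each pre-shared-key statement. The function name, the sample configuration and the key EXAMPLEKEY are constructed for illustration.

```python
import ipaddress
import re

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [
    # IOS: crypto isakmp key [0|6] <key> address <ip> [<mask>]
    # PIX: isakmp key <key> address <ip> [netmask <mask>]
    re.compile(
        rf"^\s*(?:crypto\s+)?isakmp\s+key\s+(?:[06]\s+)?\S+\s+address\s+"
        rf"{IP}(?:\s+(?:netmask\s+)?{IP})?"),
    # IOS keyring: pre-shared-key address <ip> [<mask>] key <key>
    re.compile(rf"^\s*pre-shared-key\s+address\s+{IP}(?:\s+{IP})?\s+key\s"),
]

def audit_psk_scope(config):
    """Return (line_no, network, verdict) for each pre-shared-key statement."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        for pat in PATTERNS:
            m = pat.match(line)
            if not m:
                continue
            ip, mask = m.group(1), m.group(2) or "255.255.255.255"
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            if net.prefixlen == 0:
                verdict = "WILDCARD"  # any source address may use this key
            elif net.prefixlen < 32:
                verdict = "RANGE"     # key shared across a subnet
            else:
                verdict = "HOST"      # key bound to one peer address
            findings.append((no, str(net), verdict))
            break
    return findings

# Constructed sample configuration; only the first line's form is from the thread.
SAMPLE = """\
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
isakmp key EXAMPLEKEY address 0.0.0.0 netmask 0.0.0.0
crypto isakmp key 0 EXAMPLEKEY address 192.0.2.10
crypto isakmp key EXAMPLEKEY address 198.51.100.0 255.255.255.0
crypto keyring BRANCHES
 pre-shared-key address 0.0.0.0 0.0.0.0 key EXAMPLEKEY
"""

if __name__ == "__main__":
    for no, net, verdict in audit_psk_scope(SAMPLE):
        print(f"line {no}: key valid for {net} -> {verdict}")
```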
