Router to Router VPN - Remote Site hasa public DHCP address

BrianChernish · ‎12-06-2005

I currently have several remote sites that have 2600 or better routers and I use Router to Router VPN GRE tunnels for connectivity back to head office. This works great and by using eigrp each of the private IP adressed subnets are able to "talk to one another".

I now have a situation where I have a senior manager that I would like to VPN his home into head office. The sticking point I have run into is the fact that he has a DHCP provided IP address from his ISP that is subject to change.

Does anyone know if there is a way to have a VPN peer whose public IP is unknown or subject to change? If so could you point me a a good document that might help me?

Thanks,

Brian

gfullage · ‎12-06-2005

You might want to look at DMVPN, this is the preferred method for doing hub-to-spoke topologies with routing over them. You configure only one tunnel on the hub, and you don't need to keep changing it each time you add a new spoke. It works for dynamically-addressed spokes. It also dynamically builds spoke-to-spoke tunnels directly as needed, taking some of the load off the hub.

There is an excellent document on it here:

http://www.cisco.com/warp/public/105/dmvpn.html

It's quite long but well worth the read. There are many, many advatanges to a DMVPN setup over a standard GRE/IPsec config, it'll be a bit of work to change all your configs but it'll be well worth it in the end, particularly if you're planning on adding more spokes in future.