Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
319
Views
4
Helpful
4
Replies

Tunnel interface/ADSL dynamic IP´s

e-alvarez
Level 1
Level 1

‎04-24-2006 09:09 AM - edited ‎03-09-2019 02:42 PM

I have two sites connected to the Internet using ADSL and dynamic IP´s.

Is there any way to configure a tunnel between the routers without using static IP´s?

Perhaps mapping an ip host to a domain name (using a dynamic DNS and ddns updates on the router),

and using that host as the tunnel destination. The tunnel would be used by ODR,

so it would not have to be up all the time nor for long periods of time.

If the IP address of one othe routers would change and drop the

tunnel, the other router could perform dns lookup to resolve the new IP.

Is this scenario possible? How would the config be?

I know that you can configure the tunnel destination using a domain name, but

it is replaced by the resolved ip address in the running config, so the router

would not perform a dns lookup the next time the tunnel is used (...and the ip address

would be outdated).

As always, any info will be much appreciated.

Regards,

Eduardo

Labels:
0 Helpful
4 Replies 4

m.sir
Level 7
Level 7

‎04-24-2006 09:31 AM

I think you need for you scenario TED (tunnel endpoint discovery) - it allows ipsec with dynamic addressed endpoints

check following link"

http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a0080087a9a.html

M.

Hope that helps rate if it does

0 Helpful

e-alvarez
Level 1
Level 1
In response to m.sir

‎04-24-2006 10:37 AM

Thanks for your answer.

As I understood the document, TED helps you avoid configuring the static crypto maps (one for each peer), but does not help you find what address the peer has at the moment. The ip addresses are not assigned dynamically, as in my case. The problem with ADSL and dynamic IP´s is that the destination address changes once in a while.

Am I correct?

0 Helpful

Fernando_Meza
Level 7
Level 7
In response to e-alvarez

‎04-25-2006 12:06 AM

Hi unfortunately I don't think what you are looking for is possible. Depending of the sort of device you are using for terminating the VPN, It is possible to have one end using dynamic IP address but the hub needs to have a static one. A cisco router 1800 for example have the Easy VPN server feature which allows you to create a tunnel without knowing what the other end's IP is. But again the 1800 router itself needs to have a static IP.

e-alvarez
Level 1
Level 1
In response to Fernando_Meza

‎04-27-2006 08:05 AM

Thanks, Fernando.

We´ll get a static address for the hub and possible go with either EasyVPN or IPSec TED.

Thanks for your help

Eduardo

0 Helpful
Customers Also Viewed These Support Documents