Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN with dynamic IP

Hi there:

A quick question about configuring a VPN Server on C871. Is it possible to set up a VPN using Dynamic IPs? The Box do get a new IP from the ISP every 24 hours. Is a VPN possible under these circumstances? Is DYNDNS helpful?

Thank you!


Re: VPN with dynamic IP

There sure is. Here is a typical GRE over IPSec config, the commands in bold are to support DHCP.

version 12.3


hostname Spoke1


crypto isakmp policy 1

authentication pre-share

crypto isakmp key cisco47 address


crypto ipsec transform-set trans2 esp-des esp-md5-hmac

mode transport


crypto map vpnmap1 local-address Ethernet0

crypto map vpnmap1 10 IPsec-isakmp

set peer

set security-association level per-host

set transform-set trans2

match address 101


interface Tunnel0

bandwidth 1000

ip address

ip mtu 1400

ip nhrp authentication test

ip nhrp map

ip nhrp network-id 100000

ip nhrp holdtime 300

ip nhrp nhs

delay 1000

tunnel source Ethernet0

tunnel destination

tunnel key 100000


interface Ethernet0

ip address dhcp hostname Spoke1

crypto map vpnmap1


interface Ethernet1

ip address


router eigrp 1



no auto-summary


access-list 101 permit gre host

The ACL points to an entire source SUBNET, not just a GRE tunnel host address endpoint. The reason is that your ISP will probably assign an IP address from a designated subnet, which you can find out about from them.



New Member

Re: VPN with dynamic IP

Well first of all I like to thank you for your explanation. But actually I do not get it. What I like to do is to establish a VPN Server on my c871 to access the internal Network behind it. Only Dial-UP Clients shall be able to access the VPN.

The C871 is connected through PPPoE to the ISP who changes the IP every 24 hours. I.e. at the moment that is As the client in the field is not aware of the current IP how is it able to dial in?

So once again, is it possible to set up a dial-up VPN server with dynamic IPs assigned by the ISP? Or is a static IP compulsary?

Hope you can help.



Re: VPN with dynamic IP

Sorry, Andy.

I misunderstood what you were asking.

I dont have an answer to your question.