Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Question about crypto tunnel configuration


I'm hoping someone can answer this question for me.  I would appreciate any input.

Right now, I've got an up/active ipsec-isakmp tunnel to a friend.  We're both using 2621xm routers running IOS 12.4.  However, I have one quick question:

Instead of setting the peer as an IP address, can I specify a domain name?  We're both registered with a Dynamic DNS service as our ISP doesn't provide static IP's.  Is it possible to change the IP address in the ipsec-isakmp settings to a dynamic domain name?

I don't think I'll need to post my config, but I will if I have to.

Thank you very much in advance!




Question about crypto tunnel configuration

There is a quick answer though you will probably not like it: No, this is not possible.

You can use a dns name to configure the IPsec peer ip address but this is a one-time lookup.

The ip address in the dns reply is entered in your config and this is not dynamically updated afterwards.

Sorry but that's how it is. Probably a security related feature.

Think of what one could do with this if it worked like you sugggest.

All it would require is to spoof the dns....



Re: Question about crypto tunnel configuration

You can look into dynamic multipoint VPN, though I don't know about support on a 2621.

Sent from Cisco Technical Support iPad App