Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to configure a LAN-to-LAN VPN tunnel with dynamic IP addresses on both routers

Resolution

In order to configure a LAN-to-LAN Virtual Private Network (VPN) tunnel between two routers with dynamic IP addresses, complete these steps apart from the basic configuration:

  1. Configure the set peer dynamic command on one side of the tunnel with the use of the static crypto map.
  2. On the remote router, configure the dynamic crypto map without the use of the peer statement.

With the use of the set peer dynamic command, the host name of the IP Security (IPsec) peer is resolved through a domain name server (DNS) lookup before the router establishes the IPsec tunnel.

Note: Only a router with a static crypto map can initiate the tunnel with the dynamic DNS resolution of the peer statement.

Refer to the R2 (Cisco 2811 Router) section of Router-to-PIX Dynamic-to-Static IPsec with NAT Configuration Example in order to configure a dynamic crypto map on the router.

Refer to the Mop (Cisco 7204 Router) section of Router-to-PIX Dynamic-to-Static IPsec with NAT Configuration Example in order to configure a static crypto map on the router.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:07 PM
Updated by:
 
Labels (1)