Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

2801 - 1700 IPSEC VPN ISSUES

Current set up is Static to Static,

due to ISP changes we are loosing the static on the 1700. If I setup dynamic DNS behind the 1700 could I use a FQDN in the crypo isakmp policy?

i.e.) crypto isakmp key <thekey> address <the FQDN>

and then in the map do

crypto map <name> <#> ipsec-isakmp

set peer <the FQDN>

set transform-set <transform>

the 1700 is an ISDN connection

alternative is going T1 at X2 the cost and buying a WIC, and a plane ticket....

1 ACCEPTED SOLUTION

Accepted Solutions

Re: 2801 - 1700 IPSEC VPN ISSUES

Yes you can, you can use different sequence numbers for the two crypto maps. Place the static one first and then the dynamic one.

Regards

Farrukh

5 REPLIES

Re: 2801 - 1700 IPSEC VPN ISSUES

With dynamic VPN you don't really need to define the other peer at all. Have a lookat this:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

Regards

Farrukh

Community Member

Re: 2801 - 1700 IPSEC VPN ISSUES

ok but i have current static to static ipsec tunnels... and need to change just one tunnel to use dynamic...

the HQ router is a 2801

will it allow both static and one dynamic crypto maps ?? on the same router ?

pb

Re: 2801 - 1700 IPSEC VPN ISSUES

Yes you can, you can use different sequence numbers for the two crypto maps. Place the static one first and then the dynamic one.

Regards

Farrukh

Community Member

Re: 2801 - 1700 IPSEC VPN ISSUES

Thankyou..

I have have GRE running inside IPSEC...

I added a dynamic-map and then added the crypto map dynamic

then removed the static for that link.. and reloaded the remote router... it still has its old IP address but it did connect... my only concern is that when the IP changes there will be routing issues.

Thank you for your help. It was very helpful to me with a very short time frame.

pb

Re: 2801 - 1700 IPSEC VPN ISSUES

No if everything is setup correctly, there shall be no routing issues.

Regards

Farrukh

164
Views
0
Helpful
5
Replies
CreatePlease to create content