cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
481
Views
0
Helpful
5
Replies

site to site vpn over dyanmic ip addresses on both sides

jvalin__s
Level 1
Level 1

Hi Guys,

I just wanted to know whether we can make site-to-site vpn on 2 routers/asa if both sides are having dynamic ip addresses.

its a strange requirement of my client..

I was thinking it is possible if we can do dyn-dns on both the sides but not sure if we can??

Is it possible guys??

Regards,

Jvalin

5 Replies 5

Hi,

I know that you can establish the site to site when one side has a dynamic IP.

But I think that you cannot make a site-2-site vpn with dynamic IPs on both sides.

This is because dynamic crypto maps don't allow you to initiate connections.

If both sides have dynamic crypto maps, who will initiate the connection?

Unfortunately not possible as far as I've seen.

Federico.

but as we configure ezvpn  - the dynamic side only initiates the connection right?

jv

Yes.

WIth EzVPN the dynamic (or client) side initiates the connection (just as a VPN client).

But the configuration on the Hardware Client does not uses dynamic crypto maps, it uses an EzVPN hardware client configuration.

Even EzVPN cannot be established if both sides uses dynamic IPs.

Federico.

but cant we configured using dyn-dns on both the sides?

From what I've seen it won't work,  but I'll have to try it again and see if there's any way now to make it work, because when I did it, everytime an IP changed, the VPN won't come up until clearing the dynamic peer and setting it again.

Federico.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: