Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

site to site vpn over dyanmic ip addresses on both sides

Hi Guys,

I just wanted to know whether we can make site-to-site vpn on 2 routers/asa if both sides are having dynamic ip addresses.

its a strange requirement of my client..

I was thinking it is possible if we can do dyn-dns on both the sides but not sure if we can??

Is it possible guys??

Regards,

Jvalin

5 REPLIES

Re: site to site vpn over dyanmic ip addresses on both sides

Hi,

I know that you can establish the site to site when one side has a dynamic IP.

But I think that you cannot make a site-2-site vpn with dynamic IPs on both sides.

This is because dynamic crypto maps don't allow you to initiate connections.

If both sides have dynamic crypto maps, who will initiate the connection?

Unfortunately not possible as far as I've seen.

Federico.

Community Member

Re: site to site vpn over dyanmic ip addresses on both sides

but as we configure ezvpn  - the dynamic side only initiates the connection right?

jv

Re: site to site vpn over dyanmic ip addresses on both sides

Yes.

WIth EzVPN the dynamic (or client) side initiates the connection (just as a VPN client).

But the configuration on the Hardware Client does not uses dynamic crypto maps, it uses an EzVPN hardware client configuration.

Even EzVPN cannot be established if both sides uses dynamic IPs.

Federico.

Community Member

Re: site to site vpn over dyanmic ip addresses on both sides

but cant we configured using dyn-dns on both the sides?

Re: site to site vpn over dyanmic ip addresses on both sides

From what I've seen it won't work,  but I'll have to try it again and see if there's any way now to make it work, because when I did it, everytime an IP changed, the VPN won't come up until clearing the dynamic peer and setting it again.

Federico.

210
Views
0
Helpful
5
Replies
CreatePlease to create content