Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3464
Views
0
Helpful
5
Replies

VPN with Dynamic IPs. How to use DNS ?

Go to solution
ioanniatr
Level 1
Level 1

‎11-07-2010 05:33 AM

hi,

I have setup a site-to-site IPSec VPN between two cisco routers with Static public IPs. I notice that i can use hostnames instead IPs for cases with point-to-multipoint or Dynamic IPs. In that cases i can use this commands to setup VPN:

(config)#crypto isakmp identity hostname

(config)#crypto isakmp key XXXXX hostname "Remote_name"

(config-crypto-map)# set peer "Remote_name"

I also notice that i can use a cisco router as a DNS, and i can add host records with:

ip host "Remote_Name" "IP address"

Actually I want one router to work with Static Public IP ( Router_A ) and one with Dynamic Public IP (Router_B) from ISP. So maybe i can set Router with Static IP to work as DNS server. I know how DynDNS works with an account and software update client on a PC/server, but I've never used DNS hardware update clients and i don't know what steps i must follow to implement this.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Praveena Shanubhogue
Level 1
Level 1
In response to ioanniatr

‎11-08-2010 05:43 AM

Hi John,

The section in the link below should help you configure DDNS on your router:

(Refer to Http Update example)

http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gt_ddns.html#wp1203580

This link shows an abstract conifg:

http://www.no-ip.com/support/guides/routers/using_cisco_routers_with_no-ip.html

For Dynamic to Static VPN refer to this link (this does not require DDNS):

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

HTH

Regards,

Praveen

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎11-07-2010 11:30 AM

Hi,

You're correct.

Another option will be to configure a Static-to-dynamic IPsec L2L tunnel between both sites.

This will be a regular Site-to-Site configuration on the dynamic side and a client configuration on the static site.

Also using EzVPN will work as well.

Federico.

0 Helpful

Go to solution
ioanniatr
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-07-2010 01:01 PM

hi,

Can you give me more details about this ?

I known that i can set DNS IP with:

  (Router_A)# ip name-server "DNS IP"

How do i set a (Static) Router to act as DNS Server ? How can i set a (Dynamic) Router to send hostname/IP updates to DNS server/Router ?

0 Helpful

Go to solution
ioanniatr
Level 1
Level 1
In response to ioanniatr

‎11-08-2010 05:26 AM

hi,

I found out how to set a router act as DNS server:

ip dns server

ip domain name "myDomain"

ip dns primary "myDomain" soa "Server IP or hostname" "postmaster e-mail"

ip host "hostname" "IP"

Now i'm missing only the part of DDNS updates from clients

0 Helpful

Go to solution
Praveena Shanubhogue
Level 1
Level 1
In response to ioanniatr

‎11-08-2010 05:43 AM

Hi John,

The section in the link below should help you configure DDNS on your router:

(Refer to Http Update example)

http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gt_ddns.html#wp1203580

This link shows an abstract conifg:

http://www.no-ip.com/support/guides/routers/using_cisco_routers_with_no-ip.html

For Dynamic to Static VPN refer to this link (this does not require DDNS):

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

HTH

Regards,

Praveen

0 Helpful

Go to solution
ioanniatr
Level 1
Level 1
In response to Praveena Shanubhogue

‎11-08-2010 07:29 AM

hi Praveen,

Great !! This was more than complete answer. I was looking to the internet, anything that has to do with DNS it's completely chaos. Especially the 3rd link was exactly all that i needed. Thanks to you now i have complete image of what is going on.

Thanks,

John

0 Helpful
Customers Also Viewed These Support Documents