
Can the peer address of a router for a VPN be a DNS name?

On a Cisco router (877, 1841) in VPN mode, can a DNS name be used instead of an IP for the peer address? It just means that if we change our IP they connect to, I won't have to edit every single router.

Thanks

1 REPLY

Re: Can the peer address of a router for a VPN be a DNS name?

Hi,

The commands have options only for IP Address and Hostname

!

crypto isakmp key string [address|hostname]

!

crypto map map-name isakmp authorization list list-name

set peer [address|hostname]

How often do you change the router IP Address? Unless you keep restructuring your network or keep changing ISP, you will keep on changing IP Address.

If FQDN is allowed, there are some issues:

- An attacker (with prior knowledge of your VPN setup) can change the 'A' record in the DNS to point to their IP Address.

- The router should not lose connection to a DNS to prevent disconnection of VPN peer.

Regards,

Dandy
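
An added example, not part of the original reply and not Cisco tooling: a Python check, meant to run from a management host, that watches for the two conditions listed in the reply above, namely the peer name resolving to an address outside an approved list and the name failing to resolve at all. The hostname, the addresses (documentation ranges) and the function names are assumptions made up for illustration.

```python
import ipaddress
import socket


def resolve_a(hostname):
    """Return the set of IPv4 addresses the system resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET,
                               type=socket.SOCK_DGRAM)
    return {info[4][0] for info in infos}


def check_peer(hostname, approved, resolver=resolve_a):
    """Compare the current A records of a VPN peer name with an approved list.

    approved: iterable of IPv4 addresses or CIDR blocks the peer may use.
    resolver: callable(hostname) -> set of address strings (injectable for tests).
    Returns (status, detail) where status is OK, UNEXPECTED_ADDRESS
    or RESOLUTION_FAILED.
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in approved]
    try:
        addrs = resolver(hostname)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return ("RESOLUTION_FAILED", str(exc))
    if not addrs:
        return ("RESOLUTION_FAILED", "no A records returned")
    unexpected = sorted(
        a for a in addrs
        if not any(ipaddress.ip_address(a) in n for n in nets)
    )
    if unexpected:
        # The name now points somewhere nobody approved: investigate the DNS
        # change before any router re-resolves the peer and follows it.
        return ("UNEXPECTED_ADDRESS", unexpected)
    return ("OK", sorted(addrs))


if __name__ == "__main__":
    # Constructed sample data: hypothetical peer name and documentation addresses.
    peer = "vpn-hub.example.com"
    approved = ["192.0.2.10", "198.51.100.0/28"]
    samples = {
        "normal": lambda h: {"192.0.2.10"},
        "record changed": lambda h: {"203.0.113.66"},
    }
    for label, fake_resolver in samples.items():
        print(label, check_peer(peer, approved, resolver=fake_resolver))
```

Without the `resolver` argument the function queries the host's own resolver, so run it against the same DNS servers the routers use.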
