Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Dynamic IP - VPN

Hi

I got a site to site VPN between Two sites with static public IP. I need to plug another site who got dynamic ip

Lets Say Head-Office will establish vpn connection with Salesoffice 1 and Salesoffice 2

SalesOffice 1 got public static IP

SalesOffice 2 got dynamic public IP

VPN between Head-Office to SO1 is working. For SO2 its gonna be dynamic i.e 0.0.0.0 , how to create dynamic crypto map and assign to interface facing internet.

Head-Office VPN Configuration

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key sales address 64.1.1.1

crypto isakmp key sales address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 300

!

!

crypto ipsec transform-set SO1 esp-des esp-md5-hmac

!

crypto map VPN 2 ipsec-isakmp

set peer 64.1.1.1

set transform-set SO1

match address SO1

interface Tunnel1

description SO1

ip address 192.168.10.2 255.255.255.252

tunnel source fa 0/1

tunnel destination 64.1.1.1

interface fa 0/0

description LAN

ip address 172.20.2.1 255.255.255.0

interface fa 0/1

description INTERNET

ip address 63.97.1.1

crypto map VPN

ip route 0.0.0.0 0.0.0.0 63.97.1.3

ip route 192.168.100.1 255.255.255.255 63.97.1.3

ip access-list extended SO1

permit gre host 63.97.1.1 host  64.1.1.1

2 REPLIES

Dynamic IP - VPN

Hi Anthony,

Make the tunnel on loopback IPs (of HO and Sales Office) and do the required routing to reach the Loopback from HO to SO and vice-versa.

HTH,

Smitesh

Dynamic IP - VPN

Hello,

     You can just create Site-To-Site VPN with dynamic IP address at one site other site must be static.  In your case, you just do the folllowing document . Keep in mind you need to initiate interesting traffic from STATIC site. In your case it's HQ.

Ref: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

HTH,

Toshi

292
Views
0
Helpful
2
Replies