Cisco Support Community

New Member

Site-To-Site VPN - Dynamic IP Addresses

Is it possible to set up a site-to-site IPSec tunnel in which both sites have a dynamic IP address? Each site has a DNS name associated with it.

I am looking at the preshared authentication key commands and they don't seem to support a domain name.

crypto isakmp key keystring address peer-address [mask]

crypto isakmp key keystring hostname peer-hostname

6 REPLIES
Hall of Fame Super Silver

Re: Site-To-Site VPN - Dynamic IP Addresses

Ray

It is my understanding that in the site to site IPSec VPN one of the sites needs to have a static IP address. You can work around the pre-shared key on one side by specifying address and mask of 0.0.0.0 0.0.0.0. But I do not believe that you can do that on both sides.

HTH

Rick
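An added configuration sketch of the one-static-side arrangement described in the reply above (not part of the original posts, and not taken from Cisco documentation). The addresses, ACL number, names and key placeholder are assumptions, and the algorithm keywords assume an IOS release that supports them. A wildcard key is accepted from any source address, so it should be long, random and used for nothing else.

```cisco
! ===== Site A: static address 198.51.100.1 (assumed), LAN 10.1.0.0/24 =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Wildcard pre-shared key: matches a peer arriving from any address
crypto isakmp key REPLACE_WITH_LONG_RANDOM_KEY address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
access-list 101 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
! Dynamic map: no "set peer", the peer address is learned during negotiation
crypto dynamic-map DYN 10
 set transform-set TS
 match address 101
crypto map VPN 10 ipsec-isakmp dynamic DYN
interface GigabitEthernet0/0
 crypto map VPN
!
! ===== Site B: dynamic address, LAN 10.2.0.0/24 =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Key is bound to the one fixed address, the static side
crypto isakmp key REPLACE_WITH_LONG_RANDOM_KEY address 198.51.100.1
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
access-list 101 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address 101
interface GigabitEthernet0/0
 crypto map VPN
```

Because Site A has no configured peer address, the tunnel can only be initiated by traffic from Site B.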

New Member

Re: Site-To-Site VPN - Dynamic IP Addresses

Can you define a hostname in the configuration file which will use the domain name instead of an IP address? Then you could use the hostname when referring to the site's IP address. Is this possible?

Hall of Fame Super Silver

Re: Site-To-Site VPN - Dynamic IP Addresses

Ray

While I know that some commands in IOS will accept a host name as input instead of an address I am not clear whether the IPSec commands do. And even if they do I believe that it will not accomplish what you need.

It is my understanding that the commands that do accept a hostname as input will resolve the name to an address when the router boots and after that will use the resolved address. So when the router boots it might resolve the address of a peer. But if the peer address then dynamically changed the router would not adjust its peer address.

HTH

Rick

New Member

Re: Site-To-Site VPN - Dynamic IP Addresses

Thanks for your response!

New Member

Re: Site-To-Site VPN - Dynamic IP Addresses

"It is my understanding that the commands that do accept a hostname as input will resolve the name to an address when the router boots and after that will use the resolved address."

Is this an IOS feature? Would this be true for all of Cisco routers?

Hall of Fame Super Silver

Re: Site-To-Site VPN - Dynamic IP Addresses

Ray

As far as I know it is an IOS feature and would be true of all Cisco IOS routers.

HTH

Rick
