Solved: Re: 2801 - 1700 IPSEC VPN ISSUES

peterbertels · ‎09-12-2008

Current set up is Static to Static,

due to ISP changes we are loosing the static on the 1700. If I setup dynamic DNS behind the 1700 could I use a FQDN in the crypo isakmp policy?

i.e.) crypto isakmp key <thekey> address <the FQDN>

and then in the map do

crypto map <name> <#> ipsec-isakmp

set peer <the FQDN>

set transform-set <transform>

the 1700 is an ISDN connection

alternative is going T1 at X2 the cost and buying a WIC, and a plane ticket....

Farrukh Haroon · ‎09-14-2008

Yes you can, you can use different sequence numbers for the two crypto maps. Place the static one first and then the dynamic one.

Regards

Farrukh

View solution in original post

Farrukh Haroon · ‎09-14-2008

With dynamic VPN you don't really need to define the other peer at all. Have a lookat this:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

Regards

Farrukh

peterbertels · ‎09-14-2008

ok but i have current static to static ipsec tunnels... and need to change just one tunnel to use dynamic...

the HQ router is a 2801

will it allow both static and one dynamic crypto maps ?? on the same router ?

pb

Farrukh Haroon · ‎09-14-2008

Yes you can, you can use different sequence numbers for the two crypto maps. Place the static one first and then the dynamic one.

Regards

Farrukh

peterbertels · ‎09-15-2008

Thankyou..

I have have GRE running inside IPSEC...

I added a dynamic-map and then added the crypto map dynamic

then removed the static for that link.. and reloaded the remote router... it still has its old IP address but it did connect... my only concern is that when the IP changes there will be routing issues.

Thank you for your help. It was very helpful to me with a very short time frame.

pb

Farrukh Haroon · ‎09-15-2008

No if everything is setup correctly, there shall be no routing issues.

Regards

Farrukh