Re: PIX VPN: Dynamic to dynamic ip

tonny_ecmyy · ‎11-16-2006

Hi guys, can we implement vpn on PIX with dynamic to dynamic ip? If have, can give me a link to configure it.

Thanks

a.kiprawih · ‎11-16-2006

Not sure of it's possible, as it normally need one end to have static IP.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml

There's a feature called DMVPN for dynamic VPN connectivity, but only for routers.

HTH

AK

Patrick Iseli · ‎11-16-2006

Yes, this is possible.

use one of the Remote access VPN setups and use a DynDNS client to update your VPN Servers IP address to a DNS entry.

example configurations:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

suggested setup:

How to Configure the Cisco VPN Client to PIX with AES:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

DynDNS Software:

http://www.no-ip.com/

http://www.no-ip.com/downloads.php

sincerely

Patrick

a.kiprawih · ‎11-16-2006

BTW, do you mean dynamic VPN for site-to-site, or remote access?

For remote access (by vpn client), this is possible & common. For site-to-site, this is rare.

HTH

AK

tonny_ecmyy · ‎11-17-2006

I'm going to implement site-to-site vpn with pix, Both site A & B using dynamic ip, i can do that with linksys router using no-ip, but not sure with pix-to-pix because so far what i know pix using ip address to set the peer and receive the peer, eg.

pixA

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

pixB

crypto map mymap 10 set peer 200.x.x.x

isakmp ket ******** address 200.x.x.x

Not sure if can replace address with domain name instead :) he..he..he

Thanks

Patrick Iseli · ‎11-17-2006

No, you cannot replace the IP by a DNS name.

tonny_ecmyy · ‎11-17-2006

Alright guys, thanks for the info.