Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
3
Helpful
2
Replies

Dynamic DNS

jacquesd
Level 1
Level 1

‎05-10-2006 08:58 AM - edited ‎03-09-2019 02:52 PM

Hi Guys,

We have a business partner which uses a NetGear box and ADSL. They use DDNS to establish VPN connections with their own partners, which also (presumably) use NetGear boxes that support DDNS.

I have been searching for ways to support this on PIX 7.0, but cannot find the answer. Is there a way to do this with PIX?

Also, just another question regarding crypto maps. If you have the following configured on the same box:

access-list 100 permit ip 10.1.0.0 255.255.255.0 172.16.1.0 255.255.255.0

which is used by a crypto map and

ip route 172.16.1.1 255.255.255.255 s0

which points a host in that network out an entirely different interface, what will the result be once the tunnel is formed? Would the map or route get preference?

Thanks!

Jacques

Labels:
0 Helpful
2 Replies 2

Fernando_Meza
Level 7
Level 7

‎05-10-2006 09:00 PM

Hi ... In regards to the DDNS question .. I don't think the PIX can do that as it would have to refer to a FQDN as the peer for a VPN tunnel which is not supported. As long as I am aware you can only refer to an IP address or hostname ( previously defined with the name command on the PIX ).

The second question:

The access-list defines the traffic that will be encrypted when it traverses the interface to which the crypto map has been applied to. If the traffic does not traverse the interface to which the map has been aplied then that traffic will not be encrypted.

Does this answer your question ..? If you want to exempt traffic for this host from encryption then I suggest you to exclude that from the access-list using the deny option.

I hope it helps ... please rate if it does.

jacquesd
Level 1
Level 1
In response to Fernando_Meza

‎05-11-2006 08:06 AM

Hi Fernando,

My initial thought was that the 'hostname' parameter of an ACL could be a FQDN, but found out that it is only hosts defined with 'name'. I guess we will have to come up with another idea or wait and see if it is going to be implemented some time.

Doesn't the crypto maps also (help to) determine where the traffic must be sent (which will be the peer)? I guess my question is if this conflics with a route in the routing table, which one takes preference?

Thanks!

Jacques

0 Helpful
Customers Also Viewed These Support Documents