To add to Jonathan's post, you may consider to register your dynamic WAN ip address to the dyndns service. Then you should be able to use the option  Dynamic IP + Domain Name (FQDN) Authentication

-Tom
Please rate helpful posts

Thanks for the replies

I tried setting these up before updating the firmware as well as after updating the firmware.  I also wiped the devices after the firmware updates and set this up again.

My client would prefer not to have to get a static IP since it would more than double their internet bill for that particular office.  I have another setup with a dynamic IP on one end and the email authentication works fine, these are however older RV042s with a version 2.x firmware. 

I tested both with email authentication and by setting up a dyndns address and using that as the FQDN to register.  Both configurations give the same error.  I'll take screenshots of the settings when I get a chance but I've reconfigured this from scratch at least 4 times now and verified the settings many times over so I'm really doubting it's a configuration error at this point.

Here's some screenshots, hopefully I'm overlooking something simple.  Address and domain names were copied and pasted so not much chance of a typo.  Also I verified on the router with the static IP under the diagnostic section it is able to resolve the IP based on the dyndns domain name.

Static office setup

Dynamic office setup

try both by IP only and IP by DNS resolved.  Thats how I've done it

Les

This is indeed the way i did it too and it worked for me

Sent from Cisco Technical Support iPad App

Weird but things started working over the weekend with no changes.

The VPN summary page now shows the IP resolved to the dyndns FQDN instead of 0.0.0.0.  Seems there's a delay in the VPN software resolving the IP?  I'm not sure what to make of it but it's working now with one site authenticating by IP and the other by IP and FQDN.

Thanks for everybody's responses.

I can conform the above problem which I am having too.

I have two brand new RV042G routers both of which are running the latest firmware (v4.2.1.02 (Jan 18 2012 14:10:55)). They both get a dynamic ip address and therefore both have dyndns.org service enabled and are correctly updating there respective IP addresses with dyndns. Both also have PPTP servers enabled and I can connect to these servers from the outside using their dyndns.org names. This means that each router is updating dyndns with its respective IP addresses and dyndns is resolving the appropriately as well.

Now here is the problem which is exactly what Eli was having too. When I try to establish a gateway-to-gateway VPN between these two routers using dynamic-ip + FDQN it appears the router does not resolve the IP address of the remote (I simply see 0.0.0.0 for the remote gateway under the .dyndns.org name of the host). This is happening at both ends of the tunnel. Neither router is resolving the name of the remote router. If I change to IP-Only and give the IP address of the routers the tunnel works great. (My dynamic IP changes about twice a day so that is why I cannot leave these as static).

It appears the problem is that somewhere the router is not resolving the dyndns names. I am not sure why/how things started working for Eli all of a sudden but for me they are still not working.

Interestingly when I go to the diagnostics tool on the router webmanagement page I can "Ping" the remote router using the dyndns name so the router is obviously able to resolve the name if it wants to. I think somewhere for some reason the VPN gateway-to-gateway tunnel portion does not want to.

I would really appreciate if someone could provide some insight.

I have tried to restart, wipe and update a lot of times so no I don't think that is the problem. I seriously think there is a bug somewhere in the router code.

I can conform the above problem which I am having too.

I have two brand new RV042G routers both of which are running the latest firmware (v4.2.1.02 (Jan 18 2012 14:10:55)). They both get a dynamic ip address and therefore both have dyndns.org service enabled and are correctly updating there respective IP addresses with dyndns. Both also have PPTP servers enabled and I can connect to these servers from the outside using their dyndns.org names. This means that each router is updating dyndns with its respective IP addresses and dyndns is resolving the appropriately as well.

Now here is the problem which is exactly what Eli was having too. When I try to establish a gateway-to-gateway VPN between these two routers using dynamic-ip + FDQN it appears the router does not resolve the IP address of the remote (I simply see 0.0.0.0 for the remote gateway under the .dyndns.org name of the host). This is happening at both ends of the tunnel. Neither router is resolving the name of the remote router. If I change to IP-Only and give the IP address of the routers the tunnel works great. (My dynamic IP changes about twice a day so that is why I cannot leave these as static).

It appears the problem is that somewhere the router is not resolving the dyndns names. I am not sure why/how things started working for Eli all of a sudden but for me they are still not working.

Interestingly when I go to the diagnostics tool on the router webmanagement page I can "Ping" the remote router using the dyndns name so the router is obviously able to resolve the name if it wants to. I think somewhere for some reason the VPN gateway-to-gateway tunnel portion does not want to.

I would really appreciate if someone could provide some insight.

I have tried to restart, wipe and update a lot of times so no I don't think that is the problem. I seriously think there is a bug somewhere in the router code.

Did you try using IP only for the remote security group and then IP by DNS resolved?  That works for me.

Hey Les ... I am not sure if I quite understand.

So here is what I have:

Router 1: Local Security Gateway: Dynamic IP + FDQN

              Domain Name: router1.dyndns.org

              Remote Security Gateay: Daynamic IP + FDQN

              Domain Name: router2.dydns.org

Router 2: Local Security Gateway: Dynamic IP + FDQN

              Domain Name: router2.dyndns.org

              Remote Security Gateay: Dynamic IP + FDQN

              Domain Name: router1.dydns.org

Router 1 and 2 both get dynamic IP on ther WAN ports.

How would you recommend chaning this scheme ??

Cheers

Harry

Router 1: Local Security Gateway: Dynamic IP + FDQN

              Domain Name: router1.dyndns.org

              Remote Security Gateay: IP by dns resolved 

              Domain Name: router2.dydns.org

Router 2: Local Security Gateway: Dynamic IP + FDQN

              Domain Name: router2.dyndns.org

              Remote Security Gateay: IP by dns resolved

              Domain Name: router1.dydns.org

I assume the local gateway is resovling correctly on both, if not just manually input the IP for now

Nope still does not work. Here is what I get in the error logs

Hey Les ... I took your advise and tried your setting ... didnt work .. got the errors above. Then the last line of your reply caught my attention and I tried the following:

Router 1: Local Security Gateway: IP

              Domain Name: xxx.xxx.xxx.xxx   <-- This has the WAN IP address automatically placed for router 1

              Remote Security Gateay: IP by dns resolved

              Domain Name: router2.dydns.org

Router 2: Local Security Gateway: IP

              Domain Name: yyy.yyy.yyy.yyy <-- This has the WAN IP address automatically placed for router 2

              Remote Security Gateay: IP by dns resolved

              Domain Name: router1.dydns.org

With the setting above voila it works. This tells me that most definitely the problem has to do with the Dynamic + FDQN. I still cannot figure why the router cannot resolve dynamic hostnames.

Even though this tunnel is working right now I feel it will fail the moment the WAN IP changes on router 1 or 2 because as of right now the tunnel contruct makes it look like that the local end of each tunnel is static ip which is not.