cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1113
Views
0
Helpful
6
Replies

Special VPN endpoint configuration

Zsolt Kendi
Level 1
Level 1

Dear Everybody!

 

Some Internet service provider are provide service with dynamic address behind a NAT router.

This mean address of my VPN router RV1xx are double dynamic.

Other words router's WAN address is not equalt with the address from internet network.

Therefore dynamic DNS is uselss for me.

 

According I try to setup VPN tunnel where router A have static IP address, router B have double dynamic IP address. Again, I cant have chance to use dyndns.

In theory this is not a problem, because traffic (VPN setup) is always initiated by router B, never by router A.

Then I set router B remote (endpoint) IP address to static address of router A. This is fine.

But what can I set to router A remote (endpoint) IP address field?

The empty address filed, the 0.0.0.0 and the 127.0.0.1 are invalid.

 

Thanks for any advise.

 

Zsolt Kendi

6 Replies 6

wycalero
Cisco Employee
Cisco Employee

Good Morning,

 

You will need to enter the Public IP that you are getting on the modem into the remote IP space on the router configuration.

 

After this you need to configure a port forwarding on the modem for ports 500 and 4500 that are used for the VPN connection pointing to the IP that you are receiving on the WAN of the RV from the modem of your ISP.

 

Regards.

 

Regards.

I done some negotiation with ISP. As result they are removed ISP NAT.

 

This can be solve the problem but bug CSCvh02816 is prevent to use SBR is dynamic address environment.

Remark: this bug are deny to use FQDN as remote endpoint reference.

 

Any idea to worakround?

 

kzsolt

 

Good Morning,

 

We already have a resolution for the Bug CSCvh02816 you are welcome to open a case with tech support on order to get the resolution.

 

Regards.

Dear Mr. Wycalero!

I'm sure more hundred customer in the world are welcome resolution or workaround for this problem. Can you share it here or at Bug CSCvh02816 discussion?

kzsolt

Good Morning,

 

We have a Beta firmware for this issue that is currently available for all customers that open a ticket with tech support making reference to this Bug ID CSCvh02816, is under evaluation that is way is still not available on the Cisco Website but we have confirm that solved this problem.

 

Regards. 

Dear Ms. Wycalero!

First of all sorry for the "Mr."!

Unfortunately our router system contain more unattended station. To downgrade firmware need to travel 3+3 hour by car. It is not a good platfrom for beta testing.
Therefore we waintig for next release (1.0.3.29). Until we VPN less configuration.

Best Regads, Zsolt Kendi