
Configure Site-to-Site VPN with dynamic IP on one side!

ittechk4u1
Level 4

Hello Experts,

 

I want to configure an IPsec tunnel with a dynamic IP on the remote site.

 

HQ (HUB)----------Remote Location

 

Here is my layout:

Dyn_IPsec.PNG

 

Info: The HUB is using static IP routing for public IP routes, so it's really hard to route an unknown IP!!! (Biggest issue) and I have a default route to our LAN from the HQ router.

Thanks in advance.

 

10 Replies

Hello,

 

 

Have a look at the configuration example below:

 

CONFIGURING CISCO SITE TO SITE IPSEC VPN WITH DYNAMIC IP ENDPOINT CISCO ROUTERS

 

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/936-cisco-router-vpn-dynamic-endpoint.html

Thanks for the quick answer.

 

But my main issue is routing on the HQ router!!

 

How do I route the dynamic IP from the HQ routers, as I do not have a specific IP!!!

 

Thanks

 

But my main issue is routing on the HQ router!!

How do I route the dynamic IP from the HQ routers, as I do not have a specific IP!!!

What do you mean by routing with the WAN IP address? You can also implement a default route from ISP 2.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Sorry for the typo.

 

I am routing the WAN IP addresses for all 40 locations statically (next hop is ISP and ISP2).

 

There is one default route available on the HQ router and that is towards the LAN: 0/0 10.18.2.254

 

Thanks

 

 

 

Hello,

 

All you need is a default route pointing to the outgoing interface on both the remote site and the HQ site...

 

ip route 0.0.0.0 0.0.0.0 interface X

Thanks again.

The problem is I already have a default route on the HQ router towards the LAN.

 

====================

ip route 0.0.0.0 0.0.0.0 10.18.2.254

====================

 

 

Thanks

 

 

Hello,

 

Is that default route actually needed? Typically, the LAN would be on a directly connected interface...

I think we need it.

 

Please have a look at the topology:

Dyn_IPsec.PNG

Thanks

Deepak Kumar
VIP Alumni

Hi,

The LAN-to-remote-site route will use the tunnel interface IP address rather than a public IP address, and the tunnel mode will be point-to-multipoint.

The HQ configuration for a dynamic remote (spoke) IP address will look like this:

 

interface Tunnel0
 description mGRE - DMVPN Tunnel
 ip address 172.16.0.1 255.255.255.0
 no ip redirects
 ip nhrp authentication firewall
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ! tunnel source is the WAN interface IP
 tunnel source 1.1.1.1
 tunnel mode gre multipoint

 

 

The spoke tunnel configuration:

 

interface Tunnel0
 description R2 mGRE - DMVPN Tunnel
 ip address 172.16.0.2 255.255.255.0
 no ip redirects
 ip nhrp authentication firewall
 ip nhrp map multicast dynamic
 ip nhrp map 172.16.0.1 1.1.1.1
 ip nhrp map multicast 1.1.1.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.1
 ! tunnel source is the WAN interface that has the dynamic IP address
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
 
You can implement dynamic routing or static routes as per your environment, and the destination host will be a tunnel interface.
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
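
The Tunnel0 configurations in the reply above build the mGRE/NHRP overlay only; nothing in them encrypts the GRE traffic. As an added example (not part of the original thread), this is one way to attach IPsec to those tunnels when the spoke address is dynamic. The names DMVPN-TS and DMVPN-PROF, the policy number and the `<PSK-PLACEHOLDER>` key are assumptions; 1.1.1.1 is the hub WAN address used in the reply.

```cisco
! ----- Hub (HQ), static WAN address 1.1.1.1 -----
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! The spoke's public address is not known in advance, so the hub key
! has to match any peer. <PSK-PLACEHOLDER> stands for a long random secret.
crypto isakmp key <PSK-PLACEHOLDER> address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
interface Tunnel0
 tunnel protection ipsec profile DMVPN-PROF
!
! ----- Spoke (dynamic WAN address) -----
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! The spoke always initiates towards the hub, so its key is bound
! to the hub address only.
crypto isakmp key <PSK-PLACEHOLDER> address 1.1.1.1
!
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
interface Tunnel0
 tunnel protection ipsec profile DMVPN-PROF
```

The `ip nhrp authentication` string is carried in clear text and does not replace the IPsec profile. A wildcard pre-shared key accepts any peer that knows the key, so certificate-based authentication is the stronger choice on the hub.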

Agree with you.

 

Here is my config:

 

Remote:

 

Int gig0/0/2
 desc *** Cradelpoint Router ***
 ! DHCP --> 37.85.167.30
 ip address dhcp
 ip mtu 1300
 ip access-group internet in
 ip tcp adjust-mss 1260
 negotiation auto
 no shut
!
int Tunnel 599
 ip address 10.13.97.99 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication CRALTE
 ip nhrp map 10.13.97.4 195.243.205.120
 ip nhrp map multicast 195.243.205.120
 ip nhrp network-id 99
 ip nhrp holdtime 300
 ip nhrp nhs 10.13.97.4
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0/2
 tunnel mode gre multipoint
 tunnel key 99
!
ip route 195.243.205.120 255.255.255.255 gig0/0/2 DHCP

---------------------------------------------------------------------------

HQ:

interface Tunnel599
 ip address 10.13.97.4 255.255.255.0
 no ip redirects
 ip nhrp authentication CRALTE
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 ip nhrp holdtime 300
 ip tcp adjust-mss 1360
 tunnel source 195.243.205.120
 tunnel mode gre multipoint
 tunnel key 99
!
ip route <?> 255.255.255.255 195.243.205.99 name LTE_BKP_99

 

 

My issue is routing on the HQ router! (I am using static IP routing for all other 40 locations)

 

Thanks
