Dynamic IP - VPN

anthony.dyne · ‎11-22-2011

Hi

I got a site to site VPN between Two sites with static public IP. I need to plug another site who got dynamic ip

Lets Say Head-Office will establish vpn connection with Salesoffice 1 and Salesoffice 2

SalesOffice 1 got public static IP

SalesOffice 2 got dynamic public IP

VPN between Head-Office to SO1 is working. For SO2 its gonna be dynamic i.e 0.0.0.0 , how to create dynamic crypto map and assign to interface facing internet.

Head-Office VPN Configuration

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key sales address 64.1.1.1

crypto isakmp key sales address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 300

!

crypto ipsec transform-set SO1 esp-des esp-md5-hmac

!

crypto map VPN 2 ipsec-isakmp

set peer 64.1.1.1

set transform-set SO1

match address SO1

interface Tunnel1

description SO1

ip address 192.168.10.2 255.255.255.252

tunnel source fa 0/1

tunnel destination 64.1.1.1

interface fa 0/0

description LAN

ip address 172.20.2.1 255.255.255.0

interface fa 0/1

description INTERNET

ip address 63.97.1.1

crypto map VPN

ip route 0.0.0.0 0.0.0.0 63.97.1.3

ip route 192.168.100.1 255.255.255.255 63.97.1.3

ip access-list extended SO1

permit gre host 63.97.1.1 host 64.1.1.1

smitesh kharecha · ‎11-22-2011

Hi Anthony,

Make the tunnel on loopback IPs (of HO and Sales Office) and do the required routing to reach the Loopback from HO to SO and vice-versa.

HTH,

Smitesh

Thotsaphon Lueangwattanaphong · ‎11-22-2011

Hello,

You can just create Site-To-Site VPN with dynamic IP address at one site other site must be static. In your case, you just do the folllowing document . Keep in mind you need to initiate interesting traffic from STATIC site. In your case it's HQ.

Ref: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

HTH,

Toshi