Site to Site VPN between Cisco and Netgear with FQDN IP Address Resolution

plussier1 · ‎03-15-2016

Hi, I would like to know if it's possible to do Site-To-Site VPN using Dyndns for IP address Resolution.

ITried but doesn't work when I replace the Peer IP address by the domain name.

See the exemple bellow.

For the Netgear= netgear.getmyip.com

For the Cisco= cisco881.getmyip.com

#1) Config on the Cisco 881 ( Dual WAN, WAN-1 and integrated 3G Internet access with Fixe IP )

crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 28800

crypto isakmp key testcisco881 hostname netgear.getmyip.com

( Doesn't work when i put this ) But I need this because the peer IP address can change when the Netgear router switch between WAN-1 ISP (Dynamic-IP) and WAN-2 ISP.

crypto isakmp key testcisco881 address xxx.xxx.xx.xxx

( Working when i put This ) If the Netgear address change, I nedd to manually change this address xxx.xxx.xx.xxx.

crypto ipsec transform-set myset1 esp-3des esp-sha-hmac

crypto map Netgear 1 ipsec-isakmp

set peer netgear.getmyip.com dynamic

( Doesn't work when i put this ) But I need this because the peer IP address can change when the Netgear router switch between WAN-1 ISP (Dynamic-IP) and WAN-2 ISP.

set peer xxx.xxx.xx.xxx

( Working when i put This ) If the Netgear address change, I nedd to manually change this address xxx.xxx.xx.xxx.
set transform-set myset1
set pfs group2
match address 101

access-list 101 permit ip 192.168.254.0 0.0.0.255 192.168.2.0 0.0.0.255

#2) Config on the Netgear. ( Dual WAN with DynDNS IP Address Resolution )

See attached Picture Netgear-1 et Netgear-2

Let me know how it's possible to config the Cisco to work with netgear.getmyip.com

Thank You !

Patrick Lussier