How is everyone doing?
Let's say we have a small branch office, say B1, and we want to connect it to the company's headquarters, HQ.
B1 dynamic ip address----------------vpn tunnel-------------- 188.8.131.52-HQ
Assume B1 is assigned a dynamic IP address a.a.a.a
Let's say B1 uses a router with a DSL interface. B1 will use a local ISP to connect to the internet.
At B1 we set the destination IP for the VPN tunnel as 184.108.40.206
The problem is how we can set the destination IP at HQ for the VPN tunnel, because B1 is assigned an IP by an ISP, which could change.
How can we establish a VPN between two nodes when one of them is using a dynamic IP address, as was the case in our example?
The link you forwarded shows a configuration on the "dr_whoovie" router.
At "dr_whoovie" the traffic that needs to be VPN-tunneled will have to be matched by crypto map rtp under S0.
I have a question about the order in which the commands are listed under crypto map rtp, which I have posted for easy reference. (I understand that regardless of the order presented below, the goal to VPN-tunnel the desired packets will be achieved.)
crypto map rtp 1 ipsec-isakmp
 set peer 99.99.99.
 set transform-set rtpset
 match address 115
The first command instructs the router to perform the action instructed by "set peer 220.127.116.11"
(that means all the packets, because at this stage interesting packets have not been identified)
The second command instructs the router to perform the action instructed by "set transform-set rtpset"
(again, that means the above action will be performed on all packets, because at this stage interesting packets have not been identified)
The third command instructs the router to perform the action instructed by "match address 115"
The above command will identify the interesting packets, which will be forwarded out of S0 while all the rest will be denied.
Is this order of operation correct?
If it is correct, what will happen to packets that have been denied? Will they be dropped? Because in my book an example demonstrates the following:
crypto map sarah 1 ipsec-isakmp
 match address 115
(Interesting packets are identified by the above command.
Then the router performs the actions instructed by the following commands on the interesting packets; all the others at this point are sent unencrypted out of the interface. Here we observed that the uninteresting packets, which are denied by the access-list, are simply forwarded out of the interface without being VPN-tunneled.)
 set peer 18.104.22.168
 set transform-set rtpset
If you compare this order of commands to the one presented in the case of "dr_whoovie", you see the order of commands is different.
In "dr_whoovie" the interesting traffic is identified at the end, because "match address 115" was used at the end. The question is what will happen to the packets which are denied by access-list 15.
Will these packets simply be dropped even though the router has performed all the actions instructed by the "set peer 22.214.171.124, set transform-set rtpset" commands, because those commands preceded the "match address 115" command?
thanks and have a evening