
RV340 site to site VPN not working with DDNS

jorge.arova
Level 1

Hello,

I have two different sites (using RV340 routers) with public dynamic IP addresses. To create a site to site VPN I'm trying to use a DDNS service to point to the dynamic IP addresses. I already tried setting the DDNS addresses as the FQDN for the remote endpoint and remote identifier without getting it to work. Is it possible to make this configuration work? Or what am I doing wrong? When using the IP address it works, until the dynamic IP changes and then the tunnel falls down.

Thanks for the help and guidance!

JR

6 Replies

ktonev
Cisco Employee

Hello Jorge,

Using a DDNS service on both sides may cause you issues in case the IPs are not updated at the same time. If this setup is causing you issues I would recommend using a static IP for one of the sites and DDNS on the other.

If you are having issues setting this up, please call our support centre so an engineer can assist you further.

 

I am having a very similar issue.

 

When I use an IP address value for the remote site for VPN access, all works fine.

But when I use an FQDN it fails to make the VPN tunnel; it fails to connect.

 

Any help appreciated.

Hi bert090172,

The easiest way to resolve this would be to open a service request so an engineer can check the configuration with you.

Here is a link to the TAC frontline: https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 

Solved:

Both the 'Local Identifier Type' and the 'Remote Identifier Type' need to be the same (Local/Remote FQDN). The setting that didn't work for me was having a 'Local Identifier Type' set to 'Local WAN IP' and the 'Remote Identifier Type' set to 'Remote FQDN'.

I've done like you described but no luck. VPN only connects when I specify the IP.

Can you please post a screenshot of the config? 

 

thanks 

Cata

Hello Cata,

A successful site-to-site connection requires that at least one of the devices be identifiable by a static IP address or a Dynamic DNS hostname. Best practices recommend using at least one site with a static IP address. If you set both ends to DDNS, none of these services will be able to update changing IPs when and if it happens, so if you would like to try you should be prepared for a few glitches in the connections. The length of downtime would be the same as it will take for the DDNS service to update.

Regards,

Martin
