03-16-2012 12:09 PM
Hello,
I'm hoping someone can answer this question for me. I would appreciate any input.
Right now, I've got an up/active ipsec-isakmp tunnel to a friend. We're both using 2621xm routers running IOS 12.4. However, I have one quick question:
Instead of setting the peer as an IP address, can I specify a domain name? We're both registered with a Dynamic DNS service as our ISP doesn't provide static IP's. Is it possible to change the IP address in the ipsec-isakmp settings to a dynamic domain name?
I don't think I'll need to post my config, but I will if I have to.
Thank you very much in advance!
Regards,
Chris.
03-17-2012 04:22 AM
There is a quick answer though you will probably not like it: No, this is not possible.
You can use a dns name to configure the IPsec peer ip address but this is a one-time lookup.
The ip address in the dns reply is entered in your config and this is not dynamically updated afterwards.
Sorry but that's how it is. Probably a security related feature.
Think of what one could do with this if it worked like you sugggest.
All it would require is to spoof the dns....
regards,
Leo
03-19-2012 07:11 PM
You can look into dynamic multipoint VPN, though I don't know about support on a 2621.
Sent from Cisco Technical Support iPad App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide