Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
611
Views
0
Helpful
2
Replies

Question about crypto tunnel configuration

c.leighland
Level 1
Level 1

‎03-16-2012 12:09 PM

Hello,

I'm hoping someone can answer this question for me.  I would appreciate any input.

Right now, I've got an up/active ipsec-isakmp tunnel to a friend.  We're both using 2621xm routers running IOS 12.4.  However, I have one quick question:

Instead of setting the peer as an IP address, can I specify a domain name?  We're both registered with a Dynamic DNS service as our ISP doesn't provide static IP's.  Is it possible to change the IP address in the ipsec-isakmp settings to a dynamic domain name?

I don't think I'll need to post my config, but I will if I have to.

Thank you very much in advance!

Regards,

Chris.

Labels:
0 Helpful
2 Replies 2

lgijssel
Level 9
Level 9

‎03-17-2012 04:22 AM

There is a quick answer though you will probably not like it: No, this is not possible.

You can use a dns name to configure the IPsec peer ip address but this is a one-time lookup.

The ip address in the dns reply is entered in your config and this is not dynamically updated afterwards.

Sorry but that's how it is. Probably a security related feature.

Think of what one could do with this if it worked like you sugggest.

All it would require is to spoof the dns....

regards,

Leo

0 Helpful

Jeff Van Houten
Level 5
Level 5

‎03-19-2012 07:11 PM

You can look into dynamic multipoint VPN, though I don't know about support on a 2621.

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents