cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

452
Views
0
Helpful
2
Replies
Beginner

Question about crypto tunnel configuration

Hello,

I'm hoping someone can answer this question for me.  I would appreciate any input.

Right now, I've got an up/active ipsec-isakmp tunnel to a friend.  We're both using 2621xm routers running IOS 12.4.  However, I have one quick question:

Instead of setting the peer as an IP address, can I specify a domain name?  We're both registered with a Dynamic DNS service as our ISP doesn't provide static IP's.  Is it possible to change the IP address in the ipsec-isakmp settings to a dynamic domain name?

I don't think I'll need to post my config, but I will if I have to.

Thank you very much in advance!

Regards,

Chris.

2 REPLIES 2
Engager

Question about crypto tunnel configuration

There is a quick answer though you will probably not like it: No, this is not possible.

You can use a dns name to configure the IPsec peer ip address but this is a one-time lookup.

The ip address in the dns reply is entered in your config and this is not dynamically updated afterwards.

Sorry but that's how it is. Probably a security related feature.

Think of what one could do with this if it worked like you sugggest.

All it would require is to spoof the dns....

regards,

Leo

Contributor

Re: Question about crypto tunnel configuration

You can look into dynamic multipoint VPN, though I don't know about support on a 2621.

Sent from Cisco Technical Support iPad App