Re: IPSEC Tunnel with both sides Dynamic IP

CCIE Aspirant · ‎11-14-2022

Hi,

I have two ISR 891g. I am trying to make ipsec tunnel between these two routers. The problem is that both routers does not have static Public IP. Both routers are having LTE sim.

so is it possible or not?

if not possible then what is the solution. (Change device/firmware). i can't have static ip at either end.

Rob Ingram · ‎11-14-2022

@CCIE Aspirant have a look at this old cisco guide for IOS routers, where both peers have dynamic IP addresses and Dynamic Domain Name System (DDNS) is used.

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-architecture-implementation/118048-technote-ipsec-00.html

CCIE Aspirant · ‎11-14-2022

@Rob Ingram Thanks for the reply

i have checked and tested that method earlier. first they don't have any crypto map defined in their configs.

for my router the router is unable to fetch the ddns ip.

kindly if you can suggest some other working solution.

thanks

Rob Ingram · ‎11-14-2022

@CCIE Aspirant there are limited options to resolve this issue with the hardware you have, I would suggest re-designing to match the guide above or getting a static IP address on one end.

MHM Cisco World · ‎11-14-2022

can you more elaborate about why the router can resolve DDNS ?

CCIE Aspirant · ‎11-14-2022

@MHM Cisco World Thanks for the reply.

i found out that the ddns was not be resolved from anywhere else. Can u help me in configuring the cisco router to be as ddns?

thanks