Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
5
Replies

Learn it's VPN Peer IP address via a 3030 possible ?

dominic.bilodeau
Level 1
Level 1

‎03-27-2003 01:03 PM - edited ‎02-21-2020 12:26 PM

Hi,

We have 2 remote sites "A" and "B" with 837 VPN box that are using Dynamic IP address (DHCP) on public interface (by ISP). At head office, we are using a 3030 concentrator "C" with static IP address.

I can create lan-to-lan tunnels using IPSEC between remote sites to my 3030 with no problem. A to C and B to C.

Now I would like to create a third tunnel between the two remote sites A and B. The problem I have is that they are both configured with DHCP on public interface and addresses changes often.

Is there a way my two remote sites (A and B) could learn their "peer" IP address via the 3030. I've read a lot on this but could'n find any confirmation whether or not it's possible. Anyone have another idea... NHRP, DDNS ????

Any advice will be much appreciated ...

Thanks.

Labels:
0 Helpful
5 Replies 5

afakhan
Level 4
Level 4

‎03-27-2003 04:44 PM

Hi,

Its not possible with the concentrator, vpn3k can't provide the ip address, the thing that you can do is that you can configure your two routers and vpn3k so that two routers can talk to each other via vpn3k.

Donot use any code later than 3.6.7rel.

Thx

0 Helpful

dominic.bilodeau
Level 1
Level 1
In response to afakhan

‎03-27-2003 07:10 PM

Thanks for your post,

You mention that with a VPN3K it's not possible... Does that mean that it would be possible with another type of box ? ie PIX or IOS ???

If so, what would be the general guidelines ?

Your input is really appreciated...

Regards,

Dominic

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to dominic.bilodeau

‎03-30-2003 06:28 PM

No, it's not possible on other boxes either. The only way to do this is to route traffic from Site A to Site B through the VPN3000.

In the L2L access-list config for each site, include the traffic for the other site, that way it'll be tunnelled and sent to the 3000, which will then re-encrypt it and send it to the other site.

0 Helpful

dominic.bilodeau
Level 1
Level 1
In response to gfullage

‎03-31-2003 05:49 AM

Thank you both for your reply... It's clear now that I have to use my 3K box to route between A and B...

Dominic

0 Helpful

engel
Level 2
Level 2
In response to afakhan

‎03-31-2003 05:54 AM

Any reason why we should use code 3.6.7 ??

We are running a hub and spoke design with code 3.5.5 at the Concentrator without problem .

0 Helpful
Customers Also Viewed These Support Documents