Beginner

Question about crypto tunnel configuration

Hello,

I'm hoping someone can answer this question for me.  I would appreciate any input.

Right now, I've got an up/active ipsec-isakmp tunnel to a friend.  We're both using 2621xm routers running IOS 12.4.  However, I have one quick question:

Instead of setting the peer as an IP address, can I specify a domain name?  We're both registered with a Dynamic DNS service as our ISP doesn't provide static IPs.  Is it possible to change the IP address in the ipsec-isakmp settings to a dynamic domain name?

I don't think I'll need to post my config, but I will if I have to.

Thank you very much in advance!

Regards,

Chris.

2 REPLIES
Engager

There is a quick answer though you will probably not like it: No, this is not possible.

You can use a dns name to configure the IPsec peer ip address but this is a one-time lookup.

The ip address in the dns reply is entered in your config and this is not dynamically updated afterwards.

Sorry but that's how it is. Probably a security related feature.

Think of what one could do with this if it worked like you suggest.

All it would require is to spoof the dns....

regards,

Leo

Contributor

You can look into dynamic multipoint VPN, though I don't know about support on a 2621.
