No, I don't have any specific

csco11087563 · ‎09-20-2015

Hello All,

I have two branches and both side have 2901 router 15.4 security enabled IOS and now i want to create a site to site VPN both the side have ADSL connection? so if both the side have Dynamic IP Address can we configure VPN

Regards

Anwar

Karsten Iwen · ‎09-20-2015

Yes, that can work, but in my experience it won't run really good. First look for other possibilities like getting fixed IP for at least one site.

If you can't get fixed IPs, then this is one way to get it working:

configure dynamic DNS registration on both routers.
In you crypto map configure the name-resolution to be done at the time of connect:
set peer peerX.dyndns.example dynamic
enroll both routers in a CA
Configure the authentication to use digital certificates (rsa-sig). Without certificates you would have to use wildcard-preshared keys which is not a best practice.

csco11087563 · ‎09-20-2015

Sir,

Do you have any documents for that..the customer is already frustrated with this.

Regards

Anwar

Karsten Iwen · ‎09-20-2015

No, I don't have any specific document for that. It's all part of the IOS documentation.

But if there is already frustration at the customer, then tell him to change to a business-DSL with fixed IP addresses. The dynamic solution will only increase the frustration.

Dinesh Moudgil · ‎09-21-2015

Hi csco11087563 ,

Post from mopaul in this support thread should get you started.
https://goo.gl/sz8lzD

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Site to Site VPN (Both site Dynamic IP)