06-19-2010 11:21 AM
Hi Guys,
I just wanted to know whether we can make site-to-site vpn on 2 routers/asa if both sides are having dynamic ip addresses.
its a strange requirement of my client..
I was thinking it is possible if we can do dyn-dns on both the sides but not sure if we can??
Is it possible guys??
Regards,
Jvalin
06-19-2010 11:28 AM
Hi,
I know that you can establish the site to site when one side has a dynamic IP.
But I think that you cannot make a site-2-site vpn with dynamic IPs on both sides.
This is because dynamic crypto maps don't allow you to initiate connections.
If both sides have dynamic crypto maps, who will initiate the connection?
Unfortunately not possible as far as I've seen.
Federico.
06-19-2010 11:30 AM
but as we configure ezvpn - the dynamic side only initiates the connection right?
jv
06-19-2010 11:35 AM
Yes.
WIth EzVPN the dynamic (or client) side initiates the connection (just as a VPN client).
But the configuration on the Hardware Client does not uses dynamic crypto maps, it uses an EzVPN hardware client configuration.
Even EzVPN cannot be established if both sides uses dynamic IPs.
Federico.
06-19-2010 11:39 AM
but cant we configured using dyn-dns on both the sides?
06-19-2010 11:51 AM
From what I've seen it won't work, but I'll have to try it again and see if there's any way now to make it work, because when I did it, everytime an IP changed, the VPN won't come up until clearing the dynamic peer and setting it again.
Federico.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide