08-19-2003 07:35 AM
Dear All!
I am setting up a VPN with two 831s, using only a pre-shared key.
My config looks like this:
-----------------------
crypto isakmp key geheim address x.x.0.2
!
!
crypto ipsec transform-set SetEins esp-3des esp-md5-hmac
crypto ipsec transform-set SICHER esp-3des esp-md5-hmac
!
crypto map FILTER 10 ipsec-isakmp
 set peer 12.0.0.2
 set security-association lifetime seconds 4000
 set transform-set SICHER
 match address 101
-----------------------
crypto isakmp key XXXXXX address a.b.c.d
there is a possibility to say
crypto isakmp key xxxxx hostname MyHost
What is this good for? Is this a way to do dynamic vpn?
In the crypto map, I can change the "Identity"; how can I use this feature? I thought the identity is the IP in most cases?
Is it possible to do "set peer hostname" which is only resolved when I build up the tunnel?
Well, these are mainly IOS questions; are there any good papers or books out there?
What I would like to do is to build up a connection to an 831 with a DSL modem in front of it. I want to get the IP address using dyndns. I know this is not a good idea from a security point of view, but I don't have a choice?
Thank you!
Best
Christian
08-25-2003 10:34 AM
1) Dynamic VPN is used where one of the endpoints, mostly the remote office, receives an IP address through DHCP. Simply put, this is done using the command
crypto isakmp key
The key specified will be used as a preshare for all remote endpoints. For more information, please see http://www.cisco.com/warp/public/707/ios_804.html
2) The crypto isakmp identity command has two options:
crypto isakmp identity {address | hostname}
address - Sets the ISAKMP identity to the IP address. This is the default.
hostname - Sets the ISAKMP identity to the host name.
Normally, an ip host command goes with the identity hostname command.
3) For more information on set peer command, you could refer to http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fipsencr
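An added example, not part of the original posts or of Cisco's documentation: a small offline check of the point made in the reply above, that a pre-shared key defined for all remote endpoints is shared by every peer. It assumes the standard IOS forms `crypto isakmp key <key> address <ip> [mask]` (with `0.0.0.0 0.0.0.0` as the wildcard) and `crypto isakmp key <key> hostname <name>`, and it assumes a `set peer` hostname is the same name the peer uses as its ISAKMP identity; the sample config, key names and finding labels are constructed.

```python
import ipaddress
import re
# Constructed sample (not from the thread); addresses are documentation ranges.
SAMPLE_CONFIG = """\
crypto isakmp key KEY-A address 192.0.2.10
crypto isakmp key KEY-B hostname branch1.example.com
crypto isakmp key KEY-C address 0.0.0.0 0.0.0.0
crypto map FILTER 10 ipsec-isakmp
 set peer 192.0.2.10
crypto map FILTER 20 ipsec-isakmp
 set peer 198.51.100.7
crypto map FILTER 30 ipsec-isakmp
 set peer branch1.example.com
"""

KEY_RE = re.compile(r"crypto isakmp key \S+ (address|hostname) (\S+)(?: (\S+))?$")
PEER_RE = re.compile(r"set peer (\S+)$")

def parse(config):
    """Return keyed address networks, keyed hostnames and crypto map peers."""
    nets, hosts, peers = [], set(), []
    for line in map(str.strip, config.splitlines()):
        if m := KEY_RE.match(line):
            kind, target, mask = m.groups()
            if kind == "hostname":
                hosts.add(target.lower())
            else:  # no mask means one host; 0.0.0.0 0.0.0.0 means any peer
                nets.append(ipaddress.ip_network(f"{target}/{mask or 32}", strict=False))
        elif m := PEER_RE.match(line):
            peers.append(m.group(1))
    return nets, hosts, peers

def audit(config):
    """List (finding, subject) pairs for wildcard keys and badly keyed peers."""
    nets, hosts, peers = parse(config)
    findings = [("wildcard-key", str(n)) for n in nets if n.prefixlen == 0]
    for peer in peers:
        try:
            addr = ipaddress.ip_address(peer)
        except ValueError:  # hostname peer: assumed equal to its ISAKMP identity
            if peer.lower() not in hosts:
                findings.append(("peer-without-key", peer))
            continue
        covering = [n for n in nets if addr in n]
        if not covering:
            findings.append(("peer-without-key", peer))
        elif all(n.prefixlen == 0 for n in covering):
            findings.append(("peer-only-wildcard", peer))
    return findings
```

`audit(SAMPLE_CONFIG)` reports the wildcard key itself and the one peer that is reachable only through it; removing the wildcard line turns that peer into a `peer-without-key` finding.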
01-10-2004 08:50 AM
Christian,
Did you ever get this to work with dyndns between your two 831s? I would also like to use host names to set up a VPN instead of IP addresses. I know some Linksys routers have a dyndns client integrated, but I did not think any Cisco router or firewall had it. But maybe I am wrong and the SOHO series can be set up this way... nevertheless, I cannot find any documentation on dynamic DNS in the guides. If it worked for you, can you please add details on how you accomplished this to this thread? Thanks
01-12-2004 04:29 AM
Hello Jan,
No, Cisco is not working with dynamic IP addresses on both tunnel endpoints, and I think there are enough reasons why.
Actually there is one way to do it anyway, but the feature is not intended for this!
You can use the ez-vpn feature. There you can tell the client site to resolve a hostname as tunnel endpoint, but I think it is intended for load balancing, not for dyndns.org :)
Best,
Christian
05-31-2004 08:08 AM
Hello,
What are the reasons why Cisco doesn't support the dyndns feature?
Best,
Michael