cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
630
Views
0
Helpful
5
Replies

Upgrade RV320 site-to-site VPN to RV340 site-to-site VPN

semifore_rich
Level 1
Level 1

I can't find any documentation on how to translate the RV320 site-to-site remote IP "IP by dns resolved" to the appropriate settings on the RV340.  There is also no documentation on how to use the RV 340 remote end point FQDN and dynamic IP selections.  Although we have some locations with static IPs, we are stuck with dynamic IPs.

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

I am sure onside should be static IP for sure to connect, remote side where there is no static IP, the use Dynamic DNS Service to resolve to connect.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

semifore_rich
Level 1
Level 1

Yes, we have been using a static IP at one end of the VPN and a dynamic IP with a third party dynamic DNS service for the other end of the VPN for 15 years.  Most recently we have been using many RV320/RV325s and their "IP by DNS resolved" setting for the site-to-site VPN configuration for the endpoint with dynamic IP address.  We are trying to upgrade to the RV340 for all of the routers, but, it is not clear from the documentation, knowledge base nor videos on how the RV320 VPN configuration should be translated to the RV340 VPN configuration.  There is a "dynamic IP" setting on the RV340 site-to-site VPN, but, there is no description on how to use it.  I need to get this kind of VPN connection to work before we consider purchasing the compliment of RV340/RV345s we need to upgrade the entire company network.

RV Models are new in Cisco small business routers, as per the document it should work as expected. Once you configured still have issue , SMB TAC can able to help you and very helpfull all time.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

This response is not helpful.  Please identify the document and the appropriate section or page.

nagrajk1969
Spotlight
Spotlight

Hi Semifore

 

some of the scenarios where each of the selection for "remote endpoint" in the RV340 S2S tunnel config page (for both IKEv1 and IKEv2 tunnels) are as below:

 

Remote endpoint: Static-IP and/or Dynamic-IP -  It would be when the deployment is as below:

 

Scenario-1a:

(local-subnet)----[RV340-GW1](static-wan-ip)-----{internet-isp-router}-------(static-wan-ip)[Remote-IPsec-Peer/RV340-GW2]---(remote-subnet)

- Here i will confgure on RV340-GW1, the remote-endpoint (i.e Remote-Peer) as Static-IP

 

OR

 

Scenario-1b:

(local-subnet)----[RV340-GW1](static-wan-ip)-----{internet-isp-router}(nat/masquerade)-------(static-wan-ip)[Remote-IPsec-Peer/RV34X-GW2]---(remote-subnet)

- On RV340-GW1, i will continue to configure the "remote-endpoint" (i,e remote-peer) as static-ipaddr, becos i know the wan-ipaddr of Remote-Peer

- BUT, In this case the left-RV340-GW1 is behind the nat-isp-router...so this tunnel will be using NAT-T...and always the tunnel & traffic thru tunnel will be initiated from the left-RV340 side ONLY

- Hence In this case, it becomes a MUST (becos the RV340-GW1 is behind NAT) and therefore for the remote-peer the wan-ipaddr of left-RV340 is dynamic in nature...it can keep changing..Hence in this case in the S2S tunnel config ON REMOTE-PEER/RV34X-GW2 the "remote-endpoint" has to be configured as "Dynamic-IP".....meaning that "Remote-Peer/RV340-GW2" is configured as a Passive/Responder-only IPsec-peer....

 

 

2. Remote Endpoint: FQDN (this is nothing but the "Ip Resolved by DNS)".....

 

Say you have a deployment as below:

 

(local-subnet)----[RV340-GW1](wan)-----{internet-isp-router}--inet----[isp-router]----(dhcp/pppoe-wan)[Remote-IPsec-Peer/RV340-GW2]---(remote-subnet)

 

- Here the remote-peer is having a dynamic-wan ipaddr using DHCP/PPPoE...so it uses a DynDNS service to register its present active wan-ipaddr to DynDNS-server and its correspong FQDN is registered as "gw2.dyndns.org"

 

- Therefore when configuring the S2S tunnel on RV340-GW1...for the scenario "IP-Resolved-by-DNS" and for the above shown deployment scenario, we will have to use the "remote endpoint" selection of "FQDN" and give the value of "gw2.dyndns.org"....or any other FQDN value that is resolved by any dns-server (configured on RV340-GW1) to the actual/active wan-ipaddr of the Remote-Peer

 

hope you have got how to and when to use the "static-ip/fqdn/dynamic-ip" selection for remote-endpoint on RV34X routers...