Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
660
Views
0
Helpful
5
Replies

Upgrade RV320 site-to-site VPN to RV340 site-to-site VPN

semifore_rich
Level 1
Level 1

‎05-04-2021 11:40 PM

I can't find any documentation on how to translate the RV320 site-to-site remote IP "IP by dns resolved" to the appropriate settings on the RV340.  There is also no documentation on how to use the RV 340 remote end point FQDN and dynamic IP selections.  Although we have some locations with static IPs, we are stuck with dynamic IPs.

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎05-05-2021 03:17 AM

I am sure onside should be static IP for sure to connect, remote side where there is no static IP, the use Dynamic DNS Service to resolve to connect.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

semifore_rich
Level 1
Level 1

‎05-05-2021 10:58 AM

Yes, we have been using a static IP at one end of the VPN and a dynamic IP with a third party dynamic DNS service for the other end of the VPN for 15 years.  Most recently we have been using many RV320/RV325s and their "IP by DNS resolved" setting for the site-to-site VPN configuration for the endpoint with dynamic IP address.  We are trying to upgrade to the RV340 for all of the routers, but, it is not clear from the documentation, knowledge base nor videos on how the RV320 VPN configuration should be translated to the RV340 VPN configuration.  There is a "dynamic IP" setting on the RV340 site-to-site VPN, but, there is no description on how to use it.  I need to get this kind of VPN connection to work before we consider purchasing the compliment of RV340/RV345s we need to upgrade the entire company network.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to semifore_rich

‎05-06-2021 02:34 AM

RV Models are new in Cisco small business routers, as per the document it should work as expected. Once you configured still have issue , SMB TAC can able to help you and very helpfull all time.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

semifore_rich
Level 1
Level 1
In response to balaji.bandi

‎05-10-2021 06:25 PM

This response is not helpful.  Please identify the document and the appropriate section or page.

0 Helpful

nagrajk1969
Spotlight
Spotlight

‎05-10-2021 05:24 PM

Hi Semifore

 

some of the scenarios where each of the selection for "remote endpoint" in the RV340 S2S tunnel config page (for both IKEv1 and IKEv2 tunnels) are as below:

 

Remote endpoint: Static-IP and/or Dynamic-IP -  It would be when the deployment is as below:

 

Scenario-1a:

(local-subnet)----[RV340-GW1](static-wan-ip)-----{internet-isp-router}-------(static-wan-ip)[Remote-IPsec-Peer/RV340-GW2]---(remote-subnet)

- Here i will confgure on RV340-GW1, the remote-endpoint (i.e Remote-Peer) as Static-IP

 

OR

 

Scenario-1b:

(local-subnet)----[RV340-GW1](static-wan-ip)-----{internet-isp-router}(nat/masquerade)-------(static-wan-ip)[Remote-IPsec-Peer/RV34X-GW2]---(remote-subnet)

- On RV340-GW1, i will continue to configure the "remote-endpoint" (i,e remote-peer) as static-ipaddr, becos i know the wan-ipaddr of Remote-Peer

- BUT, In this case the left-RV340-GW1 is behind the nat-isp-router...so this tunnel will be using NAT-T...and always the tunnel & traffic thru tunnel will be initiated from the left-RV340 side ONLY

- Hence In this case, it becomes a MUST (becos the RV340-GW1 is behind NAT) and therefore for the remote-peer the wan-ipaddr of left-RV340 is dynamic in nature...it can keep changing..Hence in this case in the S2S tunnel config ON REMOTE-PEER/RV34X-GW2 the "remote-endpoint" has to be configured as "Dynamic-IP".....meaning that "Remote-Peer/RV340-GW2" is configured as a Passive/Responder-only IPsec-peer....

 

 

2. Remote Endpoint: FQDN (this is nothing but the "Ip Resolved by DNS)".....

 

Say you have a deployment as below:

 

(local-subnet)----[RV340-GW1](wan)-----{internet-isp-router}--inet----[isp-router]----(dhcp/pppoe-wan)[Remote-IPsec-Peer/RV340-GW2]---(remote-subnet)

 

- Here the remote-peer is having a dynamic-wan ipaddr using DHCP/PPPoE...so it uses a DynDNS service to register its present active wan-ipaddr to DynDNS-server and its correspong FQDN is registered as "gw2.dyndns.org"

 

- Therefore when configuring the S2S tunnel on RV340-GW1...for the scenario "IP-Resolved-by-DNS" and for the above shown deployment scenario, we will have to use the "remote endpoint" selection of "FQDN" and give the value of "gw2.dyndns.org"....or any other FQDN value that is resolved by any dns-server (configured on RV340-GW1) to the actual/active wan-ipaddr of the Remote-Peer

 

hope you have got how to and when to use the "static-ip/fqdn/dynamic-ip" selection for remote-endpoint on RV34X routers...

 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents