10-13-2004 06:24 AM
Is it possible to use a service such as dyndns.org with the Cisco 831? I woul like to create a VPN but my service providers do not offer static IP addresses?
Thanks,
Larry
10-13-2004 12:55 PM
I am assuming you're talking about a site to site VPN? And not a remote access VPN?
Either one will work with DynDNS.org or a similar dynamic DNS service.
When creating your crypto maps, be sure to use the "dynamic" keyword when setting your remote peer. Dynamic IP VPN's require:
1. A DNS name-server assign on the router
2. At least IOS 12.3(4)T (which supports Real-time Resolution)
3. The "dynamic" keyword for your set peer statement, e.g. set peer host1.dyndns.org dynamic
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtrlres.htm
-Tanner
10-20-2004 09:17 AM
But with 831 and ddns feature, how can I input the dyndns.org http url into the configuration. I know the url should be somehting like:
password@members.dyndns.org/nic/update?system=dyndns&hostname')">http://userid:password@members.dyndns.org/nic/update?system=dyndns&hostname=
But I cann't key in "?" (the question mark) in the configure mode. Is there any way solve this problem.
Regards,
Endpoint
10-24-2004 06:57 AM
You'll need a host on the inside network to run the dynamic DNS updater client (such as DirectUpdate).
-Tanner
10-29-2004 02:00 PM
you have to type CTRL V just before to type ?.
bye
10-04-2005 02:04 PM
Hello.
Use ozgur.guler's logic. The dynamic Ip address router ( satellite )will have static crypto. The Static IP addrsss router ( hub) will have dynamic crypto.
That will answer your design part.
For the specific question to add URLs of popular DDNS service sites use the following link. It has specific examples. I will also check with the DDNS provider for sepcific commands to be used on the specifc vendor routers as well.
10-23-2004 11:53 PM
dynamic crypto map config will work if at least one of the sites have dynamic ips
on your 837 you will have the static configuration and on your gw you ll have the dynamic crypto map config - here you dont need any remote-peer defined so you dont need to define any dyndns.
when the dynamic ip side initiates the connection,
your gw will accept the request, by checking its wildcard preshared key, and by looking at the incoming ip address it will create its own ike packets. and then Phase 1 and Phase 2 will go on as usual by cheking transform-sets etc. the tunnel will be established in the end.
but this will work only if the dynamic ip side initiates the tunnel. after that the communication is 2 way.
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide