
VPN using dynamic IP with Cisco 831 router

lschroeder
Level 1

Is it possible to use a service such as dyndns.org with the Cisco 831? I would like to create a VPN, but my service providers do not offer static IP addresses.

Thanks,

Larry

6 Replies

thiland
Level 3

I am assuming you're talking about a site to site VPN? And not a remote access VPN?

Either one will work with DynDNS.org or a similar dynamic DNS service.

When creating your crypto maps, be sure to use the "dynamic" keyword when setting your remote peer. Dynamic IP VPNs require:

1. A DNS name-server assigned on the router

2. At least IOS 12.3(4)T (which supports Real-time Resolution)

3. The "dynamic" keyword for your set peer statement, e.g. set peer host1.dyndns.org dynamic

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtrlres.htm

-Tanner

But with the 831 and the DDNS feature, how can I input the dyndns.org HTTP URL into the configuration? I know the URL should be something like:

http://userid:password@members.dyndns.org/nic/update?system=dyndns&hostname=&myip=

But I can't key in "?" (the question mark) in configure mode. Is there any way to solve this problem?

Regards,

Endpoint

You'll need a host on the inside network to run the dynamic DNS updater client (such as DirectUpdate).

-Tanner

You have to type CTRL-V just before typing ?.

bye

Hello.

Use ozgur.guler's logic. The dynamic IP address router (satellite) will have static crypto. The static IP address router (hub) will have dynamic crypto.

That will answer your design part.

For the specific question of adding URLs of popular DDNS service sites, use the following link. It has specific examples. I will also check with the DDNS provider for specific commands to be used on the specific vendor routers as well.

http://www.cisco.com/en/US/partner/products/ps6350/products_command_reference_chapter09186a00804461ba.html#wp1105931

ozgur.guler
Level 1

Dynamic crypto map config will work if at least one of the sites has dynamic IPs.

On your 837 you will have the static configuration and on your gw you'll have the dynamic crypto map config - here you don't need any remote-peer defined, so you don't need to define any dyndns.

When the dynamic IP side initiates the connection, your gw will accept the request by checking its wildcard preshared key, and by looking at the incoming IP address it will create its own IKE packets. Then Phase 1 and Phase 2 will go on as usual by checking transform-sets etc. The tunnel will be established in the end.

But this will work only if the dynamic IP side initiates the tunnel. After that the communication is 2-way.

HTH
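
Added example, not part of any reply in this thread: a minimal IOS configuration sketch of the design described above, with a dynamic crypto map on the static-IP hub and a static crypto map on the dynamic-IP 831. The addresses (203.0.113.1, 192.168.1.0/24, 192.168.2.0/24), interface names, map and transform-set names, ACL number, IKE policy values and the `<PRE-SHARED-KEY>` placeholder are all assumptions chosen for illustration.

```cisco
! ---------- Hub: static public IP (constructed: 203.0.113.1) ----------
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
! Wildcard pre-shared key: matches a peer at ANY source address, so the
! key is the only thing authenticating spokes. Use a long random value.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-aes esp-sha-hmac
! Dynamic map: no "set peer" line. The peer address is learned from the
! incoming IKE negotiation, so only the spoke can bring the tunnel up.
crypto dynamic-map DYN 10
 set transform-set TS
 match address 110
crypto map VPN 10 ipsec-isakmp dynamic DYN
! Restrict the protected traffic to the expected spoke LAN (assumed subnets)
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
! Hypothetical WAN interface name on the hub
interface FastEthernet0/0
 crypto map VPN
!
! ---------- Spoke: Cisco 831 with a dynamic public IP ----------
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
! The spoke knows the hub's fixed address, so its key is bound to that peer
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
crypto ipsec transform-set TS esp-aes esp-sha-hmac
! Static map: the peer is the hub's static address, no DDNS lookup needed
crypto map VPN 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address 110
! Mirror image of the hub ACL
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
! WAN interface on the 831 (assumed to be Ethernet1)
interface Ethernet1
 crypto map VPN
```

After traffic from the spoke LAN triggers the tunnel, `show crypto isakmp sa` and `show crypto ipsec sa` on the hub show the spoke's current address as the peer.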