04-01-2008 02:53 AM - edited 02-21-2020 03:38 PM
Hi there:
A quick question about configuring a VPN Server on C871. Is it possible to set up a VPN using Dynamic IPs? The Box do get a new IP from the ISP every 24 hours. Is a VPN possible under these circumstances? Is DYNDNS helpful?
Thank you!
04-01-2008 06:52 PM
There sure is. Here is a typical GRE over IPSec config, the commands in bold are to support DHCP.
version 12.3
!
hostname Spoke1
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
!
crypto map vpnmap1 local-address Ethernet0
crypto map vpnmap1 10 IPsec-isakmp
set peer 172.17.0.1
set security-association level per-host
set transform-set trans2
match address 101
!
interface Tunnel0
bandwidth 1000
ip address 10.0.0.2 255.255.255.0
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.0.0.1 172.17.0.1
ip nhrp network-id 100000
ip nhrp holdtime 300
ip nhrp nhs 10.0.0.1
delay 1000
tunnel source Ethernet0
tunnel destination 172.17.0.1
tunnel key 100000
!
interface Ethernet0
ip address dhcp hostname Spoke1
crypto map vpnmap1
!
interface Ethernet1
ip address 192.168.1.1 255.255.255.0
!
router eigrp 1
network 10.0.0.0 0.0.0.255
network 192.168.1.0 0.0.0.255
no auto-summary
!
access-list 101 permit gre 172.16.1.0 0.0.0.255 host 172.17.0.1
The ACL points to an entire source SUBNET, not just a GRE tunnel host address endpoint. The reason is that your ISP will probably assign an IP address from a designated subnet, which you can find out about from them.
HTH
Victor
04-02-2008 01:50 PM
Well first of all I like to thank you for your explanation. But actually I do not get it. What I like to do is to establish a VPN Server on my c871 to access the internal Network behind it. Only Dial-UP Clients shall be able to access the VPN.
The C871 is connected through PPPoE to the ISP who changes the IP every 24 hours. I.e. at the moment that is 87.78.149.72. As the client in the field is not aware of the current IP how is it able to dial in?
So once again, is it possible to set up a dial-up VPN server with dynamic IPs assigned by the ISP? Or is a static IP compulsary?
Hope you can help.
Thanks...Andy
04-02-2008 07:32 PM
Sorry, Andy.
I misunderstood what you were asking.
I dont have an answer to your question.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide