Site to Site VPN w/DHCP

 
 
amattina@layer8group.com
      09-18-2006
Friends,
I have an interesting task assigned to me that I don't think is possible
but I figured I'd throw it out there at least.

Two sites, one site in USA one in China. USA site has a static
address, China site will have a DHCP from the provider. China office
needs to telnet to USA server to do whatever they do. I need a site to
site VPN from one site to the other so this is all secured as best as
possible. Obviously if the provider in China assigns a fresh DHCP
address, the VPN tunnel will be broken. Is there a way to make this
work? Static to DHCP site to site VPN using Cisco PIX equipment. I
don't think there is a way but if there is let me know. Cisco seems to
say only static addresses.

"The public IP addresses are specified in the IPsec peers
configuration, and require that the public addresses of the VPN routers
to be static addresses."

Thanks,
Adam

 
 
 
 
 
Walter Roberson
      09-18-2006
In article <(E-Mail Removed) .com>,
(E-Mail Removed) <(E-Mail Removed)> wrote:
>I have an interesting task assigned to me that I don't think is possible
>but I figured I'd throw it out there at least.


>Two sites, one site in USA one in China. USA site has a static
>address, China site will have a DHCP from the provider. China office
>needs to telnet to USA server to do whatever they do. I need a site to
>site VPN from one site to the other so this is all secured as best as
>possible. Obviously if the provider in China assigns a fresh DHCP
>address, the VPN tunnel will be broken. Is there a way to make this
>work? Static to DHCP site to site VPN using Cisco PIX equipment.


With the Cisco PIX (and ASA, I believe), the device cannot initiate
a VPN connection to another device that has a dynamic address,
but a device that has a dynamic address *can* initiate a VPN connection
to a device that has a static address.

You indicate that the site in China will telnet to the USA server, which
would seem to imply that having the China site initiate the connection
would be fine under the circumstances.

What you need to do to make the situation work, is to configure the
site with the variable address normally (normal crypto map, normal
'set peer'), but configure the site with the static address differently.
The site with the static address should be configured with a
crypto dynamic map.

http://www.cisco.com/univercd/cc/td/....htm#wp1085720
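
A configuration sketch of the arrangement described in the reply above, added here as an illustration; it is not part of the original post or taken from the linked Cisco documents. It assumes PIX 6.3 syntax with an AES licence, and the LAN subnets (10.1.1.0/24 USA, 10.2.2.0/24 China), the USA public address 192.0.2.1, the map and ACL names, and the `<PRE-SHARED-KEY>` placeholder are all made up for the example.

```cisco
: ===== USA PIX: static outside address, responder only =====
: Assumed LANs: USA 10.1.1.0/24, China 10.2.2.0/24
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list nonat
sysopt connection permit-ipsec
crypto ipsec transform-set TS-AES esp-aes-256 esp-sha-hmac
: Dynamic map: no 'set peer', the peer address is learned during negotiation
crypto dynamic-map DYN-CHINA 10 set transform-set TS-AES
: Reference the dynamic map from a high-numbered (lowest priority) entry
crypto map VPN-MAP 65000 ipsec-isakmp dynamic DYN-CHINA
crypto map VPN-MAP interface outside
isakmp enable outside
: Wildcard key: accepted from any source address, so make it long and random
isakmp key <PRE-SHARED-KEY> address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: ===== China PIX: outside address from provider DHCP, initiator =====
ip address outside dhcp setroute
access-list vpn-usa permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list vpn-usa
sysopt connection permit-ipsec
crypto ipsec transform-set TS-AES esp-aes-256 esp-sha-hmac
: Normal static crypto map with an explicit 'set peer' to the USA address
crypto map VPN-MAP 10 ipsec-isakmp
crypto map VPN-MAP 10 match address vpn-usa
crypto map VPN-MAP 10 set peer 192.0.2.1
crypto map VPN-MAP 10 set transform-set TS-AES
crypto map VPN-MAP interface outside
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 192.0.2.1 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

The tunnel is built only when traffic from the China LAN matches `vpn-usa`; after a DHCP address change the China PIX renegotiates toward the same static peer, while the USA side needs no change.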
 
 
 
 
 
amattina@layer8group.com
      09-18-2006
Walter,
Thanks. I was on the phone with techdata and Cisco as I was posting and
then came across the answer:

http://www.cisco.com/en/US/products/...80094680.shtml

I'll see how it goes.

Have a great day!
- Adam
Walter Roberson wrote:
> In article <(E-Mail Removed) .com>,
> (E-Mail Removed) <(E-Mail Removed)> wrote:
> >I have an interesting task assigned to me that I don't think is possible
> >but I figured I'd throw it out there at least.

>
> >Two sites, one site in USA one in China. USA site has a static
> >address, China site will have a DHCP from the provider. China office
> >needs to telnet to USA server to do whatever they do. I need a site to
> >site VPN from one site to the other so this is all secured as best as
> >possible. Obviously if the provider in China assigns a fresh DHCP
> >address, the VPN tunnel will be broken. Is there a way to make this
> >work? Static to DHCP site to site VPN using Cisco PIX equipment.

>
> With the Cisco PIX (and ASA, I believe), the device cannot initiate
> a VPN connection to another device that has a dynamic address,
> but a device that has a dynamic address *can* initiate a VPN connection
> to a device that has a static address.
>
> You indicate that the site in China will telnet to the USA server, which
> would seem to imply that having the China site initiate the connection
> would be fine under the circumstances.
>
> What you need to do to make the situation work, is to configure the
> site with the variable address normally (normal crypto map, normal
> 'set peer'), but configure the site with the static address differently.
> The site with the static address should be configured with a
> crypto dynamic map.
>
> http://www.cisco.com/univercd/cc/td/....htm#wp1085720


 