«

Hi
I need to make a static vpn tunnel between two places but in one
localization is only with dynamic ip
on one side of tunnel is pix on other linksys BEFSX41 with dynDNS and
TZO.com support.
when the ip is static then is no problem, but with dynamic ip's is different
situation.
some one maybe have a idea how to solve this situation.
thx

* Tomek W. wrote:
> some one maybe have a idea how to solve this situation.

Pay some bugs for a static IP.

that i know, but it's impossible

* Tomek W. wrote:
[no money for static IP addresses]
> that i know, but it's impossible

Then you do not need the VPN.

be so kind and if you don't have nothing to say just be quiet

"Tomek W." <> wrote in message
news:eh4sba$7nk$...
> Hi
> I need to make a static vpn tunnel between two places but in one
> localization is only with dynamic ip
> on one side of tunnel is pix on other linksys BEFSX41 with dynDNS and
> TZO.com support.
> when the ip is static then is no problem, but with dynamic ip's is
> different
> situation.
> some one maybe have a idea how to solve this situation.
> thx
>

Do a google for "pix static to dynamic vpn" 1000's of hits. Heres one from
Cisco, using NAT, you can simply ignore the NAT stuff tho for your config.
http://www.cisco.com/en/US/products/...80094680.shtml

In article <eh4sba$7nk$>,
Tomek W. <> wrote:
>I need to make a static vpn tunnel between two places but in one
>localization is only with dynamic ip
>on one side of tunnel is pix on other linksys BEFSX41 with dynDNS and
>TZO.com support.
>when the ip is static then is no problem, but with dynamic ip's is different
>situation.
>some one maybe have a idea how to solve this situation.

If you need both sides to be able to bring up the tunnel, and
if it is the linksys that has the dynamic IP, then you will not be
able to do what you want in PIX 5, or 6 for sure (and I don't
think you can do it in PIX 7, but I could be wrong about that.)

You could have an internal computer on the PIX side look up the
IP address and then have it log in to the PIX and reprogram the PIX.
But if the dynamic IP address of the linksys changed while the tunnel
was up, then you would need some way for that internal computer to notice
the change and go back in and reprogram the PIX again. In PIX 5 and 6,
this reprogramming can NOT be done via SNMP; PIX 7 has more SNMP
capabilities, but I don't -think- it could be done via SNMP on PIX 7
either.

In article <eh55po$870$>,
Tomek W. <> wrote:

>be so kind and if you don't have nothing to say just be quiet

So if we *know* that what you want to do cannot be done using the
equipment you have specified, then you'd prefer that we just
say nothing and leave you searching for a solution that does not
exist?

The person you were replying to -was- being helpful, by
pointing out the relative priorities of the situation. Unless you
use the reprogramming approach I described in my earlier posting
(which would require equipment and software tools beyond those you
listed as being available), you cannot do what you asked to do,
and the best available fix is to get a static IP on both ends.

If the two-way link is of sufficient importance to you, you must
find a way to overcome the "impossible" dynamic IP situation,
even if that means paying thousands of dollars to have an ISP install
a fibre connection. If the link isn't worth that much trouble
or expense, then you must either do without having both ends able
to initiate the link, or else you must change the PIX for some either
kind of firewall that will cooperate with DynDNS.

* Walter Roberson wrote:
> able to do what you want in PIX 5, or 6 for sure (and I don't
> think you can do it in PIX 7, but I could be wrong about that.)

You are right: PIX 7 needs static IPs, too.

> the change and go back in and reprogram the PIX again. In PIX 5 and 6,
> this reprogramming can NOT be done via SNMP; PIX 7 has more SNMP
> capabilities, but I don't -think- it could be done via SNMP on PIX 7
> either.

You are right: PIX 7 can't be reprogrammed using SNMP.