1812 site-to-site VPN DynDNS question

Discussion in 'Cisco' started by SS, Jan 11, 2008.

  1. SS

    SS Guest

    I'm using two C1812 with Software (C181X-ADVIPSERVICESK9-M), Version
    12.4(6)T9, RELEASE SOFTWARE (fc2). I want to establish site-to-site VPN
    between 2 sites. At each site there is dynamic IP address with ADSL. Each
    site has its own dyndns name. What is required in my configuration that I
    could establish IPSec site-to-site VPN over dyndns names? Some special
    commands? Thanks
     
    SS, Jan 11, 2008
    #1
    1. Advertising

  2. SS

    Uli Link Guest

    SS schrieb:
    > I'm using two C1812 with Software (C181X-ADVIPSERVICESK9-M), Version
    > 12.4(6)T9, RELEASE SOFTWARE (fc2). I want to establish site-to-site VPN
    > between 2 sites. At each site there is dynamic IP address with ADSL. Each
    > site has its own dyndns name. What is required in my configuration that I
    > could establish IPSec site-to-site VPN over dyndns names? Some special
    > commands? Thanks


    It is not supported, but it works.

    the trick is to authenticate by the external fqdn instead of the unkown
    IP addresses and initiate aggressive mode with wildcard preshared keys.

    Haven't figured out with VTIs until now, only the old crypto map way.

    --
    Uli Link
     
    Uli Link, Jan 12, 2008
    #2
    1. Advertising

  3. SS

    SS Guest

    I did it like this? What do you mean with fqdn?


    ip name-server 195.29.150.3
    ip name-server 195.29.150.4
    ip ddns update method DYNDNS
    HTTP
    add
    http://xxxxxx:/nic/updatesystem=dyndns&hostname=<h>&myip=<a>
    interval maximum 0 0 1 0
    !
    !
    interface Dialer0
    ip ddns update hostname xxxxxx.dnsalias.net
    ip ddns update DYNDNS
    ip address negotiated
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication pap callin
    ppp pap sent-username xxxx@htnet-dsl password 7 wwwww
    crypto map VK-VU
    !
    !
    crypto isakmp policy 10
    encr aes 256
    authentication pre-share
    group 5
    crypto isakmp key 6 map-kex address 0.0.0.0 0.0.0.0 no-xauth
    !
    !
    crypto ipsec transform-set T1 ah-md5-hmac esp-aes
    crypto ipsec transform-set T2 esp-aes esp-sha-hmac
    crypto ipsec transform-set T3 ah-md5-hmac esp-aes
    crypto ipsec transform-set T4 ah-md5-hmac esp-3des
    crypto ipsec transform-set T5 ah-md5-hmac esp-des
    !
    !
    crypto map VK-VU 10 ipsec-isakmp
    set peer xxxxx.dnsalias.net dynamic
    set transform-set T2
    match address INT_TRAFFIC
    !


    "Uli Link" <> wrote in message
    news:4788f58f$0$27201$-online.net...
    > SS schrieb:
    >> I'm using two C1812 with Software (C181X-ADVIPSERVICESK9-M), Version
    >> 12.4(6)T9, RELEASE SOFTWARE (fc2). I want to establish site-to-site VPN
    >> between 2 sites. At each site there is dynamic IP address with ADSL. Each
    >> site has its own dyndns name. What is required in my configuration that I
    >> could establish IPSec site-to-site VPN over dyndns names? Some special
    >> commands? Thanks

    >
    > It is not supported, but it works.
    >
    > the trick is to authenticate by the external fqdn instead of the unkown IP
    > addresses and initiate aggressive mode with wildcard preshared keys.
    >
    > Haven't figured out with VTIs until now, only the old crypto map way.
    >
    > --
    > Uli Link
     
    SS, Jan 12, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ivan Ostres

    PIX to PIX VPN with dynDNS

    Ivan Ostres, Jul 15, 2004, in forum: Cisco
    Replies:
    3
    Views:
    4,179
    Ivan Ostres
    Jul 15, 2004
  2. Replies:
    4
    Views:
    5,835
    nwc3po
    Aug 24, 2005
  3. Igor Mamuzic

    DynDNS or not to DynDNS doubt

    Igor Mamuzic, Nov 16, 2005, in forum: Cisco
    Replies:
    4
    Views:
    1,667
    Config T
    Nov 23, 2005
  4. martysharkey
    Replies:
    0
    Views:
    1,444
    martysharkey
    Oct 25, 2006
  5. The Other Mike

    VPN 3005 and dyndns?

    The Other Mike, Nov 19, 2007, in forum: Cisco
    Replies:
    0
    Views:
    364
    The Other Mike
    Nov 19, 2007
Loading...

Share This Page