Cisco - No Dial-up Static, Is Dynamic DNS a Solution?

Hello all,

I’m faced with a problem that I cannot find an ISP that will provide me with STATIC Dial-Up service.  The reason why it has to be STATIC is because I’d like to use this connection as a Backup incase the primary ADSL broadband connection drops.  This will be a VPN environment using a Cisco 1700 series router.

 - Does anyone know of a CANADA wide (or that offers Access Numbers accross Canada) Dial Up provider that offers Static IP address?
 
 - Or is there a way I can use a Dynamic DNS provider to assign a hostname to that Dynamic IP address, and configuring it within the Cisco configuration script?(No third party software)

I know there are several Dynamic DNS services out there but most require a piece of software that will determine the IP address and forward it to the Dynamic DNS provider to update the table.  Has anyone been able to support Cisco routers, I understand that the basic routers (DLink, Linksys) have support for these types of solutions.

Does anyone have any ideas?  

Thanks!


C0pperNicAsked:
Who is Participating?
 
Robing66066Commented:
Hmmmm.  Could you make both keys the same?

So you would have:

Router 1

crypto isakmp key mykey address 66.77.88.99
crypto isakmp key mykey address 0.0.0.0 0.0.0.0

...

crypto map mymap 20 ipsec-isakmp  
 set peer 66.77.88.99
 set transform-set myset
 match address 150

Router 2

crypto isakmp key mykey address 22.33.44.55
crypto isakmp key mykey address 0.0.0.0 0.0.0.0

crypto map mymap 20 ipsec-isakmp  
 set peer 22.33.44.55
 set transform-set myset
 match address 150

So, either one could initiate communication to the peer.  If it comes from the static address, then all is good and it accepts the first crypto line with the correct peer address in it.  If it come from a dynamic address, it accepts the second crypto line with the dynamic peer address.

I haven't tried this, but it seems to me it might just work.  (I know you can have multiple crypto partners with the same key, so I think it should all be good.)
0
 
Robing66066Commented:
I don't know of a ISP that will provide you with a static dialup account, but if you intent is just to set up a VPN tunnel as a backup, you don't need a static address on both sides.  You can set up the 17xx with a VPN tunnel using one side static and one side dynamic.  

Unless you lose both sides at the same time (odds seem low), you should be just fine.  That would be much easier (and cheaper) than trying to find an ISP who will give you a static dialup address.

0
 
C0pperNicAuthor Commented:
I didn't think that you can assign two different crypto isakmp keys to the same destination address.

example on 17xxx:
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key testPRIMARYSTATICtest address 66.77.88.99
crypto isakmp policy testBACKUPDYNAMICtest address 66.77.88.99

You'll get a pre-shared key already exsists.

Thanks
0
 
chicagoanCommented:
> is there a way I can use a Dynamic DNS provider to assign a hostname to that Dynamic IP address
dyndns.org BUT you'll have to have an agent inside to keep dyndns updated and either use their DNS servers or face propagation delays.

What about using a certificate that has a wild card in it - i.e. 192.192.192.* (assuming you knew the DHCP range)
This could be self-signed ...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.