Solved

Cisco - No Dial-up Static, Is Dynamic DNS a Solution?

Posted on 2003-12-03
7
373 Views
Last Modified: 2010-03-19
Hello all,

I’m faced with a problem that I cannot find an ISP that will provide me with STATIC Dial-Up service.  The reason why it has to be STATIC is because I’d like to use this connection as a Backup incase the primary ADSL broadband connection drops.  This will be a VPN environment using a Cisco 1700 series router.

 - Does anyone know of a CANADA wide (or that offers Access Numbers accross Canada) Dial Up provider that offers Static IP address?
 
 - Or is there a way I can use a Dynamic DNS provider to assign a hostname to that Dynamic IP address, and configuring it within the Cisco configuration script?(No third party software)

I know there are several Dynamic DNS services out there but most require a piece of software that will determine the IP address and forward it to the Dynamic DNS provider to update the table.  Has anyone been able to support Cisco routers, I understand that the basic routers (DLink, Linksys) have support for these types of solutions.

Does anyone have any ideas?  

Thanks!


0
Comment
Question by:C0pperNic
  • 2
7 Comments
 
LVL 7

Expert Comment

by:Robing66066
ID: 9867807
I don't know of a ISP that will provide you with a static dialup account, but if you intent is just to set up a VPN tunnel as a backup, you don't need a static address on both sides.  You can set up the 17xx with a VPN tunnel using one side static and one side dynamic.  

Unless you lose both sides at the same time (odds seem low), you should be just fine.  That would be much easier (and cheaper) than trying to find an ISP who will give you a static dialup address.

0
 

Author Comment

by:C0pperNic
ID: 9867986
I didn't think that you can assign two different crypto isakmp keys to the same destination address.

example on 17xxx:
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key testPRIMARYSTATICtest address 66.77.88.99
crypto isakmp policy testBACKUPDYNAMICtest address 66.77.88.99

You'll get a pre-shared key already exsists.

Thanks
0
 
LVL 7

Accepted Solution

by:
Robing66066 earned 40 total points
ID: 9868119
Hmmmm.  Could you make both keys the same?

So you would have:

Router 1

crypto isakmp key mykey address 66.77.88.99
crypto isakmp key mykey address 0.0.0.0 0.0.0.0

...

crypto map mymap 20 ipsec-isakmp  
 set peer 66.77.88.99
 set transform-set myset
 match address 150

Router 2

crypto isakmp key mykey address 22.33.44.55
crypto isakmp key mykey address 0.0.0.0 0.0.0.0

crypto map mymap 20 ipsec-isakmp  
 set peer 22.33.44.55
 set transform-set myset
 match address 150

So, either one could initiate communication to the peer.  If it comes from the static address, then all is good and it accepts the first crypto line with the correct peer address in it.  If it come from a dynamic address, it accepts the second crypto line with the dynamic peer address.

I haven't tried this, but it seems to me it might just work.  (I know you can have multiple crypto partners with the same key, so I think it should all be good.)
0
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 40 total points
ID: 9868960
> is there a way I can use a Dynamic DNS provider to assign a hostname to that Dynamic IP address
dyndns.org BUT you'll have to have an agent inside to keep dyndns updated and either use their DNS servers or face propagation delays.

What about using a certificate that has a wild card in it - i.e. 192.192.192.* (assuming you knew the DHCP range)
This could be self-signed ...
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question