Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco - No Dial-up Static, Is Dynamic DNS a Solution?

Posted on 2003-12-03
7
Medium Priority
?
377 Views
Last Modified: 2010-03-19
Hello all,

I’m faced with a problem that I cannot find an ISP that will provide me with STATIC Dial-Up service.  The reason why it has to be STATIC is because I’d like to use this connection as a Backup incase the primary ADSL broadband connection drops.  This will be a VPN environment using a Cisco 1700 series router.

 - Does anyone know of a CANADA wide (or that offers Access Numbers accross Canada) Dial Up provider that offers Static IP address?
 
 - Or is there a way I can use a Dynamic DNS provider to assign a hostname to that Dynamic IP address, and configuring it within the Cisco configuration script?(No third party software)

I know there are several Dynamic DNS services out there but most require a piece of software that will determine the IP address and forward it to the Dynamic DNS provider to update the table.  Has anyone been able to support Cisco routers, I understand that the basic routers (DLink, Linksys) have support for these types of solutions.

Does anyone have any ideas?  

Thanks!


0
Comment
Question by:C0pperNic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
7 Comments
 
LVL 7

Expert Comment

by:Robing66066
ID: 9867807
I don't know of a ISP that will provide you with a static dialup account, but if you intent is just to set up a VPN tunnel as a backup, you don't need a static address on both sides.  You can set up the 17xx with a VPN tunnel using one side static and one side dynamic.  

Unless you lose both sides at the same time (odds seem low), you should be just fine.  That would be much easier (and cheaper) than trying to find an ISP who will give you a static dialup address.

0
 

Author Comment

by:C0pperNic
ID: 9867986
I didn't think that you can assign two different crypto isakmp keys to the same destination address.

example on 17xxx:
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key testPRIMARYSTATICtest address 66.77.88.99
crypto isakmp policy testBACKUPDYNAMICtest address 66.77.88.99

You'll get a pre-shared key already exsists.

Thanks
0
 
LVL 7

Accepted Solution

by:
Robing66066 earned 160 total points
ID: 9868119
Hmmmm.  Could you make both keys the same?

So you would have:

Router 1

crypto isakmp key mykey address 66.77.88.99
crypto isakmp key mykey address 0.0.0.0 0.0.0.0

...

crypto map mymap 20 ipsec-isakmp  
 set peer 66.77.88.99
 set transform-set myset
 match address 150

Router 2

crypto isakmp key mykey address 22.33.44.55
crypto isakmp key mykey address 0.0.0.0 0.0.0.0

crypto map mymap 20 ipsec-isakmp  
 set peer 22.33.44.55
 set transform-set myset
 match address 150

So, either one could initiate communication to the peer.  If it comes from the static address, then all is good and it accepts the first crypto line with the correct peer address in it.  If it come from a dynamic address, it accepts the second crypto line with the dynamic peer address.

I haven't tried this, but it seems to me it might just work.  (I know you can have multiple crypto partners with the same key, so I think it should all be good.)
0
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 160 total points
ID: 9868960
> is there a way I can use a Dynamic DNS provider to assign a hostname to that Dynamic IP address
dyndns.org BUT you'll have to have an agent inside to keep dyndns updated and either use their DNS servers or face propagation delays.

What about using a certificate that has a wild card in it - i.e. 192.192.192.* (assuming you knew the DHCP range)
This could be self-signed ...
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
This program is used to assist in finding and resolving common problems with wireless connections.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question