Solved

Cisco - No Dial-up Static, Is Dynamic DNS a Solution?

Posted on 2003-12-03
7
376 Views
Last Modified: 2010-03-19
Hello all,

I’m faced with a problem that I cannot find an ISP that will provide me with STATIC Dial-Up service.  The reason why it has to be STATIC is because I’d like to use this connection as a Backup incase the primary ADSL broadband connection drops.  This will be a VPN environment using a Cisco 1700 series router.

 - Does anyone know of a CANADA wide (or that offers Access Numbers accross Canada) Dial Up provider that offers Static IP address?
 
 - Or is there a way I can use a Dynamic DNS provider to assign a hostname to that Dynamic IP address, and configuring it within the Cisco configuration script?(No third party software)

I know there are several Dynamic DNS services out there but most require a piece of software that will determine the IP address and forward it to the Dynamic DNS provider to update the table.  Has anyone been able to support Cisco routers, I understand that the basic routers (DLink, Linksys) have support for these types of solutions.

Does anyone have any ideas?  

Thanks!


0
Comment
Question by:C0pperNic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
7 Comments
 
LVL 7

Expert Comment

by:Robing66066
ID: 9867807
I don't know of a ISP that will provide you with a static dialup account, but if you intent is just to set up a VPN tunnel as a backup, you don't need a static address on both sides.  You can set up the 17xx with a VPN tunnel using one side static and one side dynamic.  

Unless you lose both sides at the same time (odds seem low), you should be just fine.  That would be much easier (and cheaper) than trying to find an ISP who will give you a static dialup address.

0
 

Author Comment

by:C0pperNic
ID: 9867986
I didn't think that you can assign two different crypto isakmp keys to the same destination address.

example on 17xxx:
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key testPRIMARYSTATICtest address 66.77.88.99
crypto isakmp policy testBACKUPDYNAMICtest address 66.77.88.99

You'll get a pre-shared key already exsists.

Thanks
0
 
LVL 7

Accepted Solution

by:
Robing66066 earned 40 total points
ID: 9868119
Hmmmm.  Could you make both keys the same?

So you would have:

Router 1

crypto isakmp key mykey address 66.77.88.99
crypto isakmp key mykey address 0.0.0.0 0.0.0.0

...

crypto map mymap 20 ipsec-isakmp  
 set peer 66.77.88.99
 set transform-set myset
 match address 150

Router 2

crypto isakmp key mykey address 22.33.44.55
crypto isakmp key mykey address 0.0.0.0 0.0.0.0

crypto map mymap 20 ipsec-isakmp  
 set peer 22.33.44.55
 set transform-set myset
 match address 150

So, either one could initiate communication to the peer.  If it comes from the static address, then all is good and it accepts the first crypto line with the correct peer address in it.  If it come from a dynamic address, it accepts the second crypto line with the dynamic peer address.

I haven't tried this, but it seems to me it might just work.  (I know you can have multiple crypto partners with the same key, so I think it should all be good.)
0
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 40 total points
ID: 9868960
> is there a way I can use a Dynamic DNS provider to assign a hostname to that Dynamic IP address
dyndns.org BUT you'll have to have an agent inside to keep dyndns updated and either use their DNS servers or face propagation delays.

What about using a certificate that has a wild card in it - i.e. 192.192.192.* (assuming you knew the DHCP range)
This could be self-signed ...
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question