Cisco Tunnel using dynamic DNS addresses

  • Cisco Tunnel using dynamic DNS addresses

    Is there any way to configure a Tunnel between two Cisco routers located over the Internet, each of which does not have a static IP address?

    Each location is connected via cable Internet, and we're not paying for a static IP address. However, each location DOES have a hostname using dyndns.org, that is kept updated with the current IP address of that location.

    For the tunnel on each side, we have configured as:

    For Site 1, we'll say DNS name is "site1.testdomain.dyndns.org" (not real, but for the point of discussion). This site is using a Cisco 1710 router with IOS 12.3.14(T5) (c1710-k903sy-mz.123-14.T5.bin). Ethernet0 is used as the connection to the cable modem and thus Internet:

    Code:
    interface Tunnel0
       ip address 1.1.1.1 255.255.255.0
       tunnel source Ethernet0
       tunnel destination site2.testdomain.dyndns.org
    And site 2 has DNS name "site2.testdomain.dyndns.org", using a Cisco 1760 running IOS 12.4(15)T7 (c1700-adventerprisek9-mz.124-15.T7.bin) , and FastEthernet0/0.90 (VLAN 90) is used as the WAN interface:

    Code:
    interface Tunnel0
       ip address 1.1.1.2 255.255.255.0
       tunnel source FastEthernet0/0.90
       tunnel destination site1.testdomain.dyndns.org
    Everything works perfectly, but as soon as one types the "tunnel destination" line, IOS does a DNS request to resolve the domain name, and puts the IP address itself into the configuration, ie:

    Code:
       tunnel destination site1.testdomain.dyndns.org
    becomes something like

    Code:
       tunnel destination 5.6.7.8 (of course not a real address in this example)
    While this WORKS so long as the IP address of each site on the Internet does not change, how does one get this to handle changes?

    Would certainly be nice if IOS kept the hostname in the configuration UNTIL the Tunnel needed to be established, and then resolved it. It would then use this IP for the tunnel until the tunnel is torn down for any reason (router reboot, manually bringing down the interface, ISP changing the IP address on the WAN/Internet, etc). And then when it tried to reestablish the tunnel it again would make a DNS request for the IP address (which may have changed) and use that to bring up the tunnel.

    Of course, there's always the chance (however very unlikely) that if the external IP changes, the remote router could actually attempt to connect to SOMEONE ELSE's network who may now own that IP (little chance of it being successful I know, but it COULD happen - of course encryption could prevent that, but that's another matter).

    Any way to do this?

    If not, what other method would you propose? One thought would simply be to use a dialup VPN configuration, but I'd rather keep this simple if possible.

    Short of paying monthly for a static IP on both sides, any other way to achieve this?

    Brian
    Last edited by hraynor; 6th October 2010, 19:55.
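
An added example, not part of the original post and not Cisco tooling: a Python check that compares the address IOS stored in `tunnel destination` with what the dynamic DNS name resolves to now, flagging the situation the post describes where tunnel traffic keeps going to an address the peer no longer holds. The sample config text, the `intended` hostname mapping and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed running-config excerpt: IOS has already replaced the hostname
# with the address it resolved at configuration time (5.6.7.8 is the post's placeholder).
SAMPLE_CONFIG = """\
interface FastEthernet0/0.90
 encapsulation dot1Q 90
!
interface Tunnel0
 ip address 1.1.1.2 255.255.255.0
 tunnel source FastEthernet0/0.90
 tunnel destination 5.6.7.8
"""

def tunnel_destinations(config):
    """Map each 'interface TunnelN' to its stored 'tunnel destination' value."""
    found, current = {}, None
    for line in config.splitlines():
        if line and not line[0].isspace():  # top-level line starts a new section
            m = re.match(r"interface\s+(Tunnel\d+)\s*$", line)
            current = m.group(1) if m else None
        elif current:
            m = re.match(r"\s+tunnel destination\s+(\S+)", line)
            if m:
                found[current] = m.group(1)
    return found

def system_resolver(hostname):
    """Default resolver: the IPv4 addresses local DNS returns right now."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None, socket.AF_INET)}

def stale_tunnels(config, intended, resolve=system_resolver):
    """Return {tunnel: (stored, current)} where the stored address no longer matches DNS."""
    stale = {}
    for tunnel, stored in tunnel_destinations(config).items():
        hostname = intended.get(tunnel)
        if hostname is None:
            continue  # no intended peer hostname recorded for this tunnel
        try:
            ipaddress.ip_address(stored)
        except ValueError:
            continue  # config holds a name rather than a frozen address
        current = resolve(hostname)
        if stored not in current:
            stale[tunnel] = (stored, current)
    return stale
```

Pass a stub `resolve` function to test offline; with the default resolver the check performs a live DNS lookup for each intended hostname.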