RE: cry isa key ccie2k9 address (DomainName) is possible from Ryan West on 2009-04-09 (Ccielab archives 04/2009)

From: Ryan West <rwest_at_zyedge.com>
Date: Thu, 9 Apr 2009 08:30:28 -0400

As Farrukh mentioned, you can't do a traditional l2l connection between the devices. You have two other options to consider then, the first I mentioned earlier, Easy VPN -> http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805c5ad9.shtml. Another option that you could choose if you didn't want to do deal with NEM and it's somewhat flaky behavior, is a static to dynamic IPSec configuration. http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

-ryan

-----Original Message-----
From: Farrukh Haroon [mailto:farrukhharoon_at_gmail.com]
Sent: Thursday, April 09, 2009 6:20 AM
To: CCIE-STORM
Cc: Ryan West; Cisco certification
Subject: Re: cry isa key ccie2k9 address (DomainName) is possible

You cannot have a L2L VPN when both sides have dynamic IPs AFAIK.

One side has to be static.

On Thu, Apr 9, 2009 at 12:42 PM, CCIE-STORM <ccie2sale_at_gmail.com> wrote:
> Thanks ryan
>
> but my case is bit differnet
>
> i have a pix on one side with 6.3 code and other end have DSL with dynamic
> ip which keeps on changing now and then from ISP
>
> since the ip keeps on chaning i thought having site to site vpn between pix
> and dsl model
> but no fixed ip ................any better way ....please
>
>
> Waiting
>
> On Sat, Apr 4, 2009 at 4:16 PM, Ryan West <rwest_at_zyedge.com> wrote:
>
>> From the command line it seems possible, but in practice it does not work.
>> It's not hard to hijack the DNS. You may be better off with an "Easy VPN"
>> solution using dynamic peers.
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> CCIE-STORM
>> Sent: Saturday, April 04, 2009 9:11 AM
>> To: Cisco certification
>> Subject: cry isa key ccie2k9 address (DomainName) is possible
>>
>> Hi Folks
>> Nice Question #
>> Is it possible instead of IP address can we use domain-name , it type this
>> command its rejected on 6.3(4) as well 7.2(2) any suggestions
>>
>> cry isa key ccie2k9 address 1.1.1.1 ( instead of ip add , i wana use
>> abc.com )
>>
>> Please share your answers ...........
>>
>> Regards
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Apr 09 2009 - 08:30:28 ART

This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART