Re: cry isa key ccie2k9 address (DomainName) is possible

Ryahn in your case you has dynamic IP (using DSL) at one end.
So if you can use Dynamic DNS (like register the Domain Name). You need to
check the DSL model supports Dynamic DNS or not (usually most of the DSL now
a days doing it)

so one end static ip address(outside interface of pix) and other end DSL
(with Dynamic DNS support).

I think it is not a bad idea if you try. Most probably it will work

Thanks

2009/4/9 Ryan West <rwest_at_zyedge.com>

> As Farrukh mentioned, you can't do a traditional l2l connection between the
> devices. You have two other options to consider then, the first I mentioned
> earlier, Easy VPN ->
> http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805c5ad9.shtml.
> Another option that you could choose if you didn't want to do deal with NEM
> and it's somewhat flaky behavior, is a static to dynamic IPSec
> configuration.
> http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml
>
> -ryan
>
> -----Original Message-----
> From: Farrukh Haroon [mailto:farrukhharoon_at_gmail.com]
> Sent: Thursday, April 09, 2009 6:20 AM
> To: CCIE-STORM
> Cc: Ryan West; Cisco certification
> Subject: Re: cry isa key ccie2k9 address (DomainName) is possible
>
> You cannot have a L2L VPN when both sides have dynamic IPs AFAIK.
>
> One side has to be static.
>
> On Thu, Apr 9, 2009 at 12:42 PM, CCIE-STORM <ccie2sale_at_gmail.com> wrote:
> > Thanks ryan
> >
> > but my case is bit differnet
> >
> > i have a pix on one side with 6.3 code and other end have DSL with
> dynamic
> > ip which keeps on changing now and then from ISP
> >
> > since the ip keeps on chaning i thought having site to site vpn between
> pix
> > and dsl model
> > but no fixed ip ................any better way ....please
> >
> >
> > Waiting
> >
> > On Sat, Apr 4, 2009 at 4:16 PM, Ryan West <rwest_at_zyedge.com> wrote:
> >
> >> From the command line it seems possible, but in practice it does not
> work.
> >> It's not hard to hijack the DNS. You may be better off with an "Easy
> VPN"
> >> solution using dynamic peers.
> >>
> >> -----Original Message-----
> >> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> >> CCIE-STORM
> >> Sent: Saturday, April 04, 2009 9:11 AM
> >> To: Cisco certification
> >> Subject: cry isa key ccie2k9 address (DomainName) is possible
> >>
> >> Hi Folks
> >> Nice Question #
> >> Is it possible instead of IP address can we use domain-name , it type
> this
> >> command its rejected on 6.3(4) as well 7.2(2) any suggestions
> >>
> >> cry isa key ccie2k9 address 1.1.1.1 ( instead of ip add , i wana use
> >> abc.com )
> >>
> >> Please share your answers ...........
> >>
> >> Regards
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Muhammad Nasim
Network Engineer
Saudi Arabia
Blogs and organic groups at http://www.ccie.net