Re: cry isa key ccie2k9 address (DomainName) is possible from Farrukh Haroon on 2009-04-11 (Ccielab archives 04/2009)

From: Farrukh Haroon <farrukhharoon_at_gmail.com>
Date: Sat, 11 Apr 2009 11:48:15 +0300

Yes, you could create a 'dynmaic' crypto map on the PIX, and hardcode
the DSL end. However the VPN tunnel connection can only be intiiated
from hosts behind the DSL modem and not the PIX. Once the SA is
formed, both sides can communicate as normal.

Some examples:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008051a69a.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

Regards

Farrukh

On Sat, Apr 11, 2009 at 9:28 AM, CCIE-STORM <ccie2sale_at_gmail.com> wrote:
> Yes offcourse PIX has fixed ip , and DSL dynamic IP...
>
> Is there any way to terminate vpn in this case
>
> On Thu, Apr 9, 2009 at 1:19 PM, Farrukh Haroon <farrukhharoon_at_gmail.com>
> wrote:
>>
>> You cannot have a L2L VPN when both sides have dynamic IPs AFAIK.
>>
>> One side has to be static.
>>
>> On Thu, Apr 9, 2009 at 12:42 PM, CCIE-STORM <ccie2sale_at_gmail.com> wrote:
>> > Thanks ryan
>> >
>> > but my case is bit differnet
>> >
>> > i have a pix on one side with 6.3 code and other end have DSL with
>> > dynamic
>> > ip which keeps on changing now and then from ISP
>> >
>> > since the ip keeps on chaning i thought having site to site vpn between
>> > pix
>> > and dsl model
>> > but no fixed ip ................any better way ....please
>> >
>> >
>> > Waiting
>> >
>> > On Sat, Apr 4, 2009 at 4:16 PM, Ryan West <rwest_at_zyedge.com> wrote:
>> >
>> >> From the command line it seems possible, but in practice it does not
>> >> work.
>> >> It's not hard to hijack the DNS. You may be better off with an "Easy
>> >> VPN"
>> >> solution using dynamic peers.
>> >>
>> >> -----Original Message-----
>> >> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> >> CCIE-STORM
>> >> Sent: Saturday, April 04, 2009 9:11 AM
>> >> To: Cisco certification
>> >> Subject: cry isa key ccie2k9 address (DomainName) is possible
>> >>
>> >> Hi Folks
>> >> Nice Question #
>> >> Is it possible instead of IP address can we use domain-name , it type
>> >> this
>> >> command its rejected on 6.3(4) as well 7.2(2) any suggestions
>> >>
>> >> cry isa key ccie2k9 address 1.1.1.1 ( instead of ip add , i wana use
>> >> abc.com )
>> >>
>> >> Please share your answers ...........
>> >>
>> >> Regards
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sat Apr 11 2009 - 11:48:15 ART

This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART