Note: I have never attempted this before trying today but I knew it was possible due to research online. So I gave it a try and got it to work...

I have one static host (let's call it HOST_S) which is the main site and one dynamic host (called HOST_D) which is one of many remote sites. I want to create a VPN tunnel from static host HOST_S to dynamic host HOST_D.

[Image: Network Layout]

As you can see in the layout, I'm creating a tunnel between one static host and one dynamic host. Currently I can get this to work flawlessly with no issues at all. The main reason for this question to be posted was to find out if it was possible to do this same thing without using the default Site-To-Site policy (DfltGrpPolicy) and the default tunnel group (DefaultL2LGroup). I have tried to create a new connection profile on the main site (HOST_S) using a peer IP address of 0.0.0.0 and connection name of 0.0.0.0 but that would not work because when HOST_D connects (because it HAS to connect to HOST_S) then HOST_S does not recognize the host trying to connect. It seems that if you want to have non-static hosts connect then you have to use the default policy/tunnel settings.

Is there a way to create a new connection profile for a dynamic vpn host that is remotely connecting to the main site?

Arvo Bowen
  • Is it possible to specify a hostname rather than an IP address for HOST_D in HOST_S's configuration? If so you could make use of a dynamic DNS to update the IP address on HOST_D when it changes; the only drawback is there will always be downtime on the tunnel until the IP address change propagates. – Persistent13 Sep 22 '15 at 22:17
  • Not a bad idea... Not a bad idea at all. I don't think this is the intended way that Cisco had in mind though. I will try that soon and report back. Thanks! – Arvo Bowen Sep 22 '15 at 23:22

0 Answers