IPsec Site to Site VPN with Dynamic Public IP
Summary Insights:
- Today we will cover IPsec site-to-site VPN with a dynamic IP on one side. As you know, to establish an IPsec site-to-site VPN, one side must have a static public IP address. In some cases, the branch site has an ADSL (Asymmetric Digital Subscriber Line) connection that assigns a dynamic IP, while the main data center side has a static public IP address.
- The dynamic public IP configuration will be done on Cisco routers.
If you want to learn IPsec site-to-site VPN with static IP addresses on both sides and hub-to-spoke, see the IPsec site to site post.
IPsec Site-to-Site VPN With Dynamic IP
Below is the topology: the data center side has a static public IP address and the branch side has a dynamic IP address. Now we need to configure the IPsec site-to-site VPN.

We will use the same IPsec configuration that we covered in our last IPsec configuration post; only the changes below are required on the Data Center (DC) router.
EVE-NG Topology:
The topology below will be used; the LAN-side subnet is configured on a loopback interface.
The branch site has a dynamic IP, but just to verify in the lab I have configured 200.0.0.1.

Configuration on DC site:
Interface IP Address

Crypto policy and key configuration; the peer IP is 0.0.0.0
There is no ACL on the DC site

Configure the dynamic map and call the dynamic map in the normal map as below
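A sketch of the DC-side pieces described above (key with peer 0.0.0.0, no ACL, dynamic map called from the normal map), added here as an example and not taken from the original post. Only the crypto map name mymap comes from the page; the policy parameters, the names TSET and DYNMAP, and the key placeholder are assumptions, and the branch router must use matching policy and transform-set values.

```cisco
! Added example: DC router (static IP 100.0.0.1), branch peer address unknown.
! Assumed values: policy numbers, TSET, DYNMAP, and the key placeholder.
!
! Phase 1 policy: must match the branch router's ISAKMP policy.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Wildcard peer: the key is accepted from any source address,
! because the branch's public IP changes.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
!
! Phase 2 transform set: must match the branch router's transform set.
crypto ipsec transform-set TSET esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Dynamic map: no "set peer" and no "match address" here.
! The DC router only responds and accepts the proxy identities
! (interesting traffic) proposed by the branch.
crypto dynamic-map DYNMAP 10
 set transform-set TSET
!
! Normal crypto map that calls the dynamic map; this is the map
! applied to FastEthernet0/0 with "crypto map mymap".
crypto map mymap 10 ipsec-isakmp dynamic DYNMAP
```

Because the DC router cannot initiate toward an unknown peer, the tunnel comes up only when the branch sends traffic that matches its ACL. Since the key is bound to 0.0.0.0, any host that presents it passes phase 1 authentication, so use a long random key or move to certificate authentication.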

Default static route toward the ISP, and the crypto map applied under the interface
!
ip route 0.0.0.0 0.0.0.0 100.0.0.2
!
interface FastEthernet0/0
 ip address 100.0.0.1 255.255.255.0
 duplex half
 crypto map mymap
!
Configuration on Branch-Office
Physical & loopback interface IP address

Crypto Policy Configuration on Branch-office

Access list Configuration

Crypto MAP configuration

Default static route & Physical interface configuration
!
ip route 0.0.0.0 0.0.0.0 200.0.0.2
!
!
interface FastEthernet0/0
 ip address 200.0.0.1 255.255.255.0
 duplex half
 crypto map mymap
!
Verification
DC LAN IP address is pingable from Branch-Office

Verify IPsec Tunnel is up


