[vpn] Rebuilding Tunnels with Dynamic Clients

Mark Riehl mark.riehl at agilecommunications.com
Fri Dec 21 11:45:04 EST 2001

All - We're deploying a VPN using a Cisco 515 Pix at the main site and a
Cisco 806 at approximately 15 remote sites.  A few of the remote sites use
DSL and their IP addresses can be dynamically assigned.  The Pix has a
static IP.

If one of our 806 boxes changes IP, the 806 will reestablish VPN tunnels to
all of the remote sites w/o any intervention.  What if two remote sites
change IP address at the same time?  Each of the newly changed sites will be
able to rebuild tunnels to all remote sites except each other (since they
don't know the new IPs).

What's the best way to handle this?  One of our requirements is to have a
hands-off policy for the VPN equipment at the remote sites.  I know that our
admin can change the config files in each affected 806, but we'd like to
automate this.  Is there a way to do this, or should we just push for
static IPs at each of the remote sites?

Any suggestions?

Thanks for the help,

Mark Riehl
Agile Communications, Inc.
Email: mark.riehl at agilecommunications.com 
