[vpn] Netscreen and dynamic IP
Jose Muniz
jmuniz at loudcloud.com
Tue Jan 22 20:41:14 EST 2002
Yes, it is possible.
You could use an identity as an identifier, instead of a unicast IP address.
However you are only going to be able to initiate connections in one direction,
once the SA's are established you can have flows in both directions if
the policy say so.
Here is a sample for ya:
set ike gateway "GATEWAY_NAME" ip 0.0.0.0 id "jane at no-ip.net" Aggr preshare
"PRESHARED_SECRET" proposal "pre-g2-3des-md5"
To tight it up a bit you could also enable authentication. It works well.
Jose.
"Franco Sabaris, Javier" wrote:
> Hi!
>
> I need to set up a VPN that uses ADSL/Cable in the remote sites.
>
> These ADSL/Cable services don't provide a fixed IP address. The IP address
> is dynamic.
> The central site has a fixed IP.
>
> I would like to use Netscreen hardware devices both in the central site and
> in the remote sites.
>
> Is it possible to configure the Netscreen 5xp to use dynamic addresses in
> the remote sites? Has anybody tried such a configuration?
>
> Saúdos,
> Xavo
>
> VPN is sponsored by SecurityFocus.com
--
Jose Muniz
Network Engineering
Loudcloud, Inc.
(408)744-7583 Direct
page-jmuniz at loudcloud.com
-------------------------
http://www.loudcloud.com
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list