VPN L2TP with NAT and DDNS

2»

Comments

  • warwickt
    warwickt Posts: 111  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    Hi Alan, yes you can use  IPSEC VPN site to site with a WAN port on each of the USG's with a dynamic-dns (e.g. no-ip.com ) broadcasting the IPV4 (dynamic IP address) or IPV6 9/64 and host name) .

    I use a VTI tunnel between the USG's.... so much easier for routing etc. 

    The DDNS service used in our implementations with dynamic IPV4 WANs AND with block /64 IPV6s is no-ip.com

    USE what ever you like as you see fit.......

    Here's the basics...
    use something unique to identify the gateways on each end .. refer to parameters 2-5 below.

    parameter #1 is of course the remote dynamics-dns host you use....  make sure the ISG's have it active.... works great!

    Site 1 - ddns host name= "site1.dyndns.org'
    1. VPN  Gateway / Peer Gateway Address / Status Address --> "site2.dyndns.org"
    2. VPN  Gateway / Authentication Local ID Type: "E-Mail"
    3. VPN  Gateway / Content: "any_email@site1.dyndns.org" (any concocted string will do) 
    4. VPN  Gateway / Peer ID Type : E-mail
    5. VPN  Gateway / Content: "any_email@site2.dyndns.org" (any concocted string will do) 

    Site 2 - ddns host name= "site2.dyndns.org'
    1. VPN  Gateway / Peer Gateway Address / Status Address --> " site1.dyndns.org"
    2. VPN  Gateway / Authentication Local ID Type: "E-Mail"
    3. VPN  Gateway / Content: "any_email@site2.dyndns.org" (any concocted string will do) 
    4. VPN  Gateway / Peer ID Type : E-mail
    5. VPN  Gateway / Content: "any_email@site1.dyndns.org" (any concocted string will do) 
    VPN Connection .. usual stuff. 

    HTH
    warwick
    Hong Kong

Security Highlight