Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bar_G
Explorer

IPSEC with dynamic ip

hello,

I got this scenario, 

In my compay (HQ) we've a cp 5000 appliance, in our branches we have a cp 1430 or 1100 and we create a IPsec between the HQ (5000) to our brances through the internet. both sides configure with ip static from ISP.

now I got a new branche that it is difficult to get from the isp a ip static.

now I want to know if there is any option to do IPSEC when one side (our HQ) is configure with ip static , and the other side is configure with a dynamic ip and how ?

we're working with version r80.10

thanks guy's.

0 Kudos
3 Replies
Wille010
Contributor

Generate a certificate to use with the daip gateway. Either use 3rd Party Trusted CA to generate Certificates for Gateways or you can use the ICA to generate a Cert to use with the DAIP gateway.

Maybe sk94028 will help.

Cheerz,

Lesley

0 Kudos
Bar_G
Explorer

I just forgot to mention we're working with NAT on both sides,this is effect on the configuration ? 

0 Kudos
Maarten_Sjouw
Champion
Champion

Is your center gateway behind a NAT device? As long as this is a static NAT that forwards all traffic to the Static NAT IP to your gateway, this should not be a problem.

Just define the 1100/1400 gateway in central management with Dynamic IP and in the center gateway you define the External NAT IP in the link selection page of the gateway object. Now just add both gateways to a star community (center gw as center and 1100/1400 as satellite) and set the configuration as you want, do not set a pre-shared key when gateways are managed by the same management server.

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events