Dynamically Assigned IP Security Gateways
A Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway where the external interface's IP
address is assigned dynamic
ally by the ISP. Creating VPN tunnels with DAIP Security Gateways are only
supported by using certificate authentication. Peer Security Gateways identify internally managed DAIP
Security Gateways using the DN of the certificate. Peer Security Gateways iden
tify externally managed
DAIP Security Gateways and 3rd party DAIP Security Gateways using the
Matching Criteria
configuration
DAIP Security Gateways may initiate a VPN tunnel with non
-DAIP Security Gateways. However, since a
DAIP Security Gateway's external IP address is always changing, peer Security Gateways cannot know in
advance which IP address to use to connect to the DAIP Security Gateway. As a result, a peer Security
Gateway cannot initiate a VPN tunnel with a DAIP Security Gateway unless DNS Resolv
ing is configured on
the DAIP Security Gateway. For more information, see Link Selection
(on page 96).
If the IP on the DAIP Security Gateway changes during a session, it will renegotiate IKE using the newly
assigned IP address.
In a star community when VPN routing is configured, DAIP Security Gateways cannot initiate connections
from their external IP through the center Security Gateway(s) to other DAIP Security Gateways or through
the center to the Internet. In this configuration, connections from the encryption domain of the DAIP are
supported.
.png "Andreas_Aust"){kind=avatar}
.png "Wolfgang"){kind=avatar}
