Branch office tunnel issue

[stevomorrison]

I have a nortel BCM 50e using the internal contivity router
to establish a branch office connection to another site using a Contivity 1050 router. The only thing that has changed is that the site with the BCM no longer has a static address.No matter what i try i cannot have the branch office tunnel connect. I have changed the address in the other vpn settings to the DHCP address but it will not synch up. I am getting messages such as unprotected delete message and invalid payload type. After doing some reading it seems as though you cannot have a static on one end and a dhcp on the other. Does anyone know this to be true.

 

[coopermarsh]

What do you man the site does not have a static address, is the public address DHCP? or is the internal private address of the BCM dhcp?

A branch office will require an endpoint. If the endpoint is natted(which it should be) the nat should be a specific ip, dhcp should not pose much of a problem unless your dhcp lease is very short, the bcm is constantly changing ip.

But ideally with VPN's static IP's should be used.

 

[burtsbees]

That is true, as far as I know, but I could very well be wrong. Since you have to set the peer in each router via IP address rather than dns name, then it cannot be done with a dynamic IP address. A remote access vpn is different---you don't set any peer...the user uses a vpn client that defines the vpn server as the host it connects to, and you can usually set this with the dns name (at least in Cisco you can...).

Burt

 

[coopermarsh]

In Nortel contivity Branch offices an endpoint must be specified as an IP address, this will usually be an internet IP.

Unless an internal VPN is being setup using a wan connection, even then the routing will know how to route to the destination.