need solution... 3 sites all using dynamic ip

reynolwi

IS-IT--Management
Sep 7, 2006
OK, I need a newer solution, or newer hardware. I currently use Symantec VPN/Firewall 200 & 100 routers for my VPN tunnels. The 2 sites that are here in town do not change dynamic IP addresses very often (maybe once every 3 or 4 months or when there's a hardware issue). The remote site that is 4 hours away, though, changes the freaking IP every 3 days... (AT&T of course). I have been looking into newer hardware and have seen Linksys RVS4000, ZyXEL, and I think SonicWall. I'm not real fond of SonicWall because I've had serious issues with them before.

All the sites are set up with NO-IP.com and are constantly checking their IPs and updating them automatically when they change, and each have their own domain names and resolve correctly all the time. There's no problem there; the problem is the Symantec devices are not updating very fast and then have problems reconnecting after the tunnel goes down because of this. I've been reading about the Linksys RVS4000 and the user guide and it looks like it could work because they talk about all sites using dynamic IP addresses and it's capable of managing this.

Can anyone recommend any other manufacturer or solution to my problem?

Wm. Reynolds
RRWDS | TxPSS


- - - - - - - - - - - - -
Network Error:
Hit any user to continue
 
The true solution is to pony up and pay for static ip addresses. I am unaware of any hardware that will use dynamic dns for a vpn endpoint. That is a huge security issue.
 
That's looking at roughly ~$700+ a month for 3 sites. I was doing good with just the 2 sites because I did not have this problem, but when I added the 3rd site AT&T changes IPs almost every 3 days, which is new to me. The Linksys device supports dynamic IP setups but I did not know if anybody has used these devices. We just cannot afford to pay that much a month right now for dynamic IPs. It is being looked into later down the road as we move through budget but it's not an option right now. I wish we didn't have to use AT&T for the 3rd site but they were the cheapest provider and it's DSL. I wanted cable modem but Charter wanted a lot of money a month.

Wm. Reynolds
RRWDS | TxPSS


 
$700/month for 3 sites for static IPs??? Is this ALL DSL???

Burt
 
Hi,
I have used Hamachi from on one of my sites that have a remote user. They use it to see the intranet site at the main office, don't have static ip and don't want to pay to get one.
Works well and it's free.

Regards
Max
 
Well, it works when I have everything correct. I'm trying to get a better figure for static IPs, but I mean if I can get the AT&T thing down why should I worry about static IPs. I mean I already have a working tunnel between the 2 sites here in town and they have dynamic IPs. I am sure some manufacturer has an appliance that handles this and it looks like Linksys might be the one. I do not totally like Linksys but I think I need newer devices because I have noticed that the Symantec devices take a long time resolving the DNS names to an IP address.

Wm. Reynolds
RRWDS | TxPSS


 
Nobody's mentioned Dynamic DNS services, like tzo.com or DynDNS. I have a SonicWall VPN and it points to the Tzo domain with unerring consistency.

It can be an applet running on the server itself or sometimes on the router or VPN hardware. My ISP charges $50/month for dynamic, and $100/month for static, and Tzo charges like $39/year and that includes the domain hosting. I chose the FQDN domain myservername2.com for ease of memory.

The only drawback is my server is an SBS box that has Exchange, and we started getting bounced emails from MS-related emails like msn.com & hotmail.com, stating that they were auto-blacklisting any mail from dynamic IPs. I fixed that by using my ISP's server as a SmartHost, in my case smtp.comcast.net.

Forgive me if this is an overly-simplistic solution and I don't understand the question completely [smile].


Tony

Users helping Users...
 
reynolwi said:
All the sites are setup with NO-IP.com

Oops...Never mind, go about your business, smoke 'em if ya got 'em...


Tony

Users helping Users...
 
The script in my Cisco 2620XM NEVER works, so I have to always update dyndns.org...I only have the one vpn, remote access vpn, to my house.

Burt
 
Well, I have a dynamic update client installed on each domain controller at each site and it is set to poll the public IP every 10 mins and then update automatically if necessary. I do not trust the router to check the IP address and update it 'cause something can go wrong.

Wm. Reynolds
RRWDS | TxPSS


 
The Linksys option is probably your best bet... but you will almost certainly have to replace all of your equipment (I assume you have Symantec Gateway 100/200 at each location) as I would anticipate major headaches trying to get a VPN connecting between that and the Linksys.

Use the DynDNS option on the Linksys rather than anything running on the servers - that way you can still at least perform some troubleshooting remotely if a server is causing issues.

Linksys RVS4000 has been working well in several of our environments.
 
Late reader but I will add my experiences.
I had a remote user that had a Linksys VPN-capable router using a dynamic IP from their ISP.

On the host end I used a Netopia router (now Motorola) and the trick was to leave the remote public IP empty (blank or zeros), which signified a dynamic IP, and as long as all other factors were consistent (IKE profile values, names, parameters, etc., right down to the connection profile names) it would work fine each time when connecting. Don't know why, but if even ONE parameter, names included, was different, no connection would be established.

This might be something worth looking at. Netopia has a pretty good support site with a lot of tech bulletins that you can read for free and get some ideas that apply to other gear as well.

Good luck.
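
The arrangement described in the post above (the answering end leaves the peer address open while every IKE parameter and name matches on both sides), sketched as an added example in strongSwan `ipsec.conf` syntax. strongSwan is an assumption made for illustration, not gear used in this thread or any poster's configuration; host names, IDs and subnets are constructed placeholders.

```conf
# --- /etc/ipsec.conf on the answering site (constructed example) ---
conn site-c
    keyexchange=ikev2
    # Proposals must be identical on both ends; one mismatch and no SA is negotiated.
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
    authby=secret
    left=%any
    leftid=@site-a.example.net
    leftsubnet=10.1.0.0/24
    # Peer address left open because the remote end is on a dynamic IP.
    right=%any
    # The peer is accepted on its IKE identity and shared secret, not its source address.
    rightid=@site-c.example.net
    rightsubnet=10.3.0.0/24
    auto=add

# --- /etc/ipsec.conf on the dynamic-IP remote site (constructed example) ---
conn site-a
    keyexchange=ikev2
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
    authby=secret
    left=%any
    leftid=@site-c.example.net
    leftsubnet=10.3.0.0/24
    # Dynamic DNS name of the answering site; looked up again on each initiation attempt.
    right=site-a.example.net
    rightid=@site-a.example.net
    rightsubnet=10.1.0.0/24
    # Dead peer detection tears down and re-initiates the tunnel after an address change.
    dpdaction=restart
    dpddelay=30s
    keyingtries=%forever
    auto=start

# --- /etc/ipsec.secrets on both sites (placeholder secret) ---
# @site-a.example.net @site-c.example.net : PSK "<long random shared secret>"
```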
 
I got my Cisco 2620XM to work great with Dyndns.org...

Burt
 