Home Page

VPN & Cryptography

Firewalls

Email & Spam

Security Terminology

 

VPN Terminology

VPN Tutorial Guide

3DES

AES

Aggressive Mode

Authentication Header

Asymmetric Encryption

Authentication

Certification Authority

Data Integrity

DES

Diffie-Hellman

Digital Certificate

Dynamic IP addresses

Encryption

ESP

IKE Oakley & ISAKMP

IPSec

IPSec Quick Mode

L2TP

Main Mode

MD5

NAT-T

PFS

PKI

Policy-vs-Route-VPN

PPTP

Pre-Shared Key

Remote Access User

RSA

Security Association

Sha-1

Site to Site VPN

SSL VPN

Transform Sets

Tunnel mode and Transport mode

VPN client tunneling option

VPN Topologies

VPN Tunnel

 

Creating a VPN Tunnel with Dynamic IP addresses using DynDNS

 

 

 

When creating a site-to-site VPN connection, we would use public static IP addresses to connect to each end. At one end we would tell our firewall to connect to the other firewall by specifying its static public IP address, and then we would do the same at the other end. However some public IP’s are not static and are dynamically assigned by the ISP. Now we have a problem because the remote firewalls IP address changes every so often and this means our firewall will be pointing to an incorrect IP address after the first time it changes to a different IP address.

The way we can overcome the issue is by registering our firewall/VPN gateway device with a provider like DynDNS.com. We would register our current firewall/VPN gateway device IP address along with a URL to use on our firewall. From here onwards, anytime the VPN device IP address changes, DynDNS will know about the change and update the change accordingly. This means, the URL will always reflect the correct IP address.

How the update works is, a customer would install DynDNS software on its local network, and when the ISP changes the customer’s IP address, the software sends this new IP address to DynDNS.com.

So in your VPN device (assuming you device supports this feature), you would specify a URL instead of an IP address to reach the remote firewall/VPN gateway device your connecting to. As the URL will always reflect the correct IP address of the remote end device, the VPN settings will be up to date in line with the dynamic change and therefore the VPN tunnel will always remain active.