how to VPN to my cisco house router without a static ip

inscom.brigade

I have looked, goggled and all the directions are for a lynksys wrtg, maybe with ddrt, or tomato.

I am using a cisco router at my house behind a Comcast modem.
I have dhcp outside and inside, I do not have a static IP, not sure the IP lease time.

All the cisco directions assume to use a static ip.

any one do this?

router cisco IOS 871w

Chinook

I can't speak for Comcast but it's likely your dynamic IP is pretty static especially if it's a cable modem. I use DSL and my IP never seems to change. Just use it as it is and when it changes re-config the router.

TWX

Way the hell back in the late nineties I had my linux box determine the IP and e-mail the IP to me on a regular basis. Haven't done it in a long time.

inscom.brigade

I guess I have the public ip from the isp on my WAN int assigned from my dhcp configs. I have the subnet mask, gateway and DNS servers. SO I guess that should do it then. sorry to waste space and bandwidth (again). I will do like you say Chinook

OctalDump

I might be missing something, but you'd apply the VPN crypto map to the WAN interface (no need for IP), and the access-list (if any) also to the WAN interface. I don't think you need the public IP at all, except when configuring the client.

For the client, I'd suggest looking at a dynamic DNS service, usually a few dollars a year. You set it up on a box inside your network (I think there are clients also for some routers), and then the client will poll its public IP regularly and communicate with the dynamic DNS server to update the A record. On the client end (the remote computer VPNing into the Cisco) you just use this dynamic domain name as the VPN server address.

These addresses do tend to be fairly static, since the modem is always on, it's simpler to keep giving the same address. So as suggested, you can likely get away without using dynamic DNS most of the time.

Qord

OctalDump wrote: »

For the client, I'd suggest looking at a dynamic DNS service, usually a few dollars a year.

I use the service from no-ip for this. I'm cheap, so went with the free version. Just a small executable on a windows box, it checks in with the no-ip servers daily. No complaints from me, it works.

CSCOnoob

I use duckdns.

dmar001

What kind of VPN are you trying to do Site to site or SSL vpn? What device are you trying to set the VPN with?

I done it in the past with an ASA HQ ->Site-to-site-VPN->Teleworkers home ->1841.

I haven't tried a SSL vpn to home.

dmar001

I've only seen the dhcp ip address change if you keep changing router devices as the edge device. But if you keep the same edge device and restart it a million times it keeps the same ip address. I heard from someone that they've kept the same ip dhcp address for over a year. I take it as long as you don't change the router it'll hold on to that ip address for a long time.

TWX

dmar001 wrote: »

I've only seen the dhcp ip address change if you keep changing router devices as the edge device. But if you keep the same edge device and restart it a million times it keeps the same ip address. I heard from someone that they've kept the same ip dhcp address for over a year. I take it as long as you don't change the router it'll hold on to that ip address for a long time.

It changes because the MAC address changes. If you spoof your MAC on the new device to the MAC of the old device it should remain the same.

ImYourOnlyDJ

What I did was sign up for a Dynamic DNS service (I used NoIP.com and have used both their free and paid for services) and set the router to update that DNS every few minutes. I then configured the router to be a PPTP VPN server. I know I had that working on my 2621xm though I believe I also had it working on my 881w (current home router). I'll post some configs if I get a chance.