Dynamic IPs for Site to Site?

  • I have a client that wants to set up a site to site VPN but their ISPs don’t offer static IP addresses. Can I still create a site to site using hostnames (DynDNS) instead of IP addresses? I’ve seen examples on Juniper’s site about setting up VPNs when one side is dynamic and one side is static, but I see no examples if both sides have dynamic IP addresses. I was thinking of using 5GTs. If ScreenOS doesn’t support this, a recommendation for this setup would be greatly appreciated.

  • Yes, you can use dynamic IPs on both sites. All you need to do is specify FQDN names that you can come up with on your own, e.g. site-name.vpn.company-name.com, and make sure the VPN on both sides is set to aggressive negotiation instead of main. This will force each NetScreen to look for the other to build and establish the tunnels.
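
The setup described in the reply, as an added ScreenOS CLI example that is not part of the original posts: each unit points its IKE gateway at the other site's dynamic-DNS hostname and negotiates in aggressive mode. The hostnames, gateway and VPN names, interface name, proposals and the pre-shared-key placeholder are assumptions; the DDNS client, policies and routes are outside what it covers.

```screenos
# Lines starting with # are annotations, not ScreenOS commands.
# All names, hostnames and the key placeholder below are constructed for illustration.

# ---- Site A (its own DDNS hostname: site-a.vpn.example.com) ----
# Peer is addressed by hostname, so the unit re-resolves it when B's IP changes.
# "Aggr" selects aggressive mode; local-id is the identity A sends to B.
set ike gateway "gw-site-b" address site-b.vpn.example.com Aggr local-id "site-a.vpn.example.com" outgoing-interface "untrust" preshare "<LONG-RANDOM-PSK>" proposal "pre-g2-aes128-sha"
set vpn "vpn-site-b" gateway "gw-site-b" no-replay tunnel idletime 0 proposal "g2-esp-aes128-sha"

# ---- Site B (its own DDNS hostname: site-b.vpn.example.com) ----
# Mirror image of site A: same key, same proposals, hostnames swapped.
set ike gateway "gw-site-a" address site-a.vpn.example.com Aggr local-id "site-b.vpn.example.com" outgoing-interface "untrust" preshare "<LONG-RANDOM-PSK>" proposal "pre-g2-aes128-sha"
set vpn "vpn-site-a" gateway "gw-site-a" no-replay tunnel idletime 0 proposal "g2-esp-aes128-sha"

# Verification on either unit once traffic has been sent:
get ike cookies
get sa
```

Aggressive mode sends the identities in clear and exposes a hash derived from the pre-shared key to anyone who can observe or initiate the exchange, so the key should be long and random rather than a memorable phrase.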