- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IPSec VPN with domains
I successfully have 2 remote sites with Fortigate 30E firewalls connected with each other using an IPSec tunnel. When I first set it up one of the sites had static IPs and the other used DHCP. So I had the site that used DHCP establish the tunnel, since it knew what the other end's IP was.
However, we moved the office that had static IP and in order to get greater bandwidth at a better price went with DHCP. So now both sides use DHCP. Both sites also dynamically update our DNS infrastructure if their IPs change, so their DNS domains are valid and will return valid IPs.
My question is: is there a way to configure the VPN tunnel on both sides to use domain names instead of IP addresses? As it stands, if there is an outage and the WAN interface gets assigned a different IP, someone will get alerted and will have to manually reconfigure the tunnels. We used to have Zywalls (the Fortigates are a huge improvement) and although their UI was terrible, they had a lot more granular control of IPSec settings and we were able to use domains instead of IPs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think I solved it myself, simply changing the remote ID to "Dynamic DNS". Duh! How did I miss that?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
LOL! Glad you figured it out.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thing is, I actually used to work for one of the dynamic DNS companies, so I spaced out assumed that was some sort of compatible client to update DNS. But I should have known since it was under VPN and not WAN interface.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Old habits die hard...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
