Cisco router with DHCP address connecting IPSEC to Cloud Web Security service
Connecting to the Cloud Web Security service using IPSEC requires that the Cloud peer know the IP address that the firewall or router is coming from. This is defined manually in your portal under network locations.
When a router has a DHCP address on its outside interface, you cannot guarantee that the address will remain the same. If the address does change, the network location in the portal must be updated to reflect the new IP address; otherwise the IPSEC tunnel will fail to establish. This can cause a site outage.
Using the Cisco command "ip ddns . . ." it is possible to send updated IP address information to the Cloud and dynamically update the network location in your portal. This command executes when the interface receives an IP address through DHCP.
routername(config)#ip ddns update method update-cloud
To enter the character "?" you need to press Ctrl-V first and then type "?" (without quotes).
What will happen when this command is sent to your portal?
This HTTP query can be used in a script to create multiple network locations at a time. It can also be used from a browser to create the network location.
Confirmed to work with Cisco IOS 12.4 and 15.0.