Does anyone have experience setting up an site-to-site IP Sec tunnel between a PAN firewall with a static IP address and a CradlePoint with a dynamic IP address? I am trying to determine if there's a way to setup the IP Sec tunnel between the 2 endpoints without having to pay a 3rd party for DDNS service.
I tried setting the firewall peering to Dynamic, and the IKE Phase 1 exchange modes to Aggressive, but no luck.
Any help is appreciated.
Solved! Go to Solution.
@acrxsupport-old What option have you selected under local/peer identification type? You need to select proper settings here. Also what do you see under system logs?
as long as one side is static, this shouldn't be too difficult
the PA will need to be set as 'passive' as it won't be able to connect out to the dynamic peer (without ddns) and you'll need to use set peer identification to some fictitious FQDN or email (or the local IP of the remote peer, if said peer lives behind a NAT device)
I've got Local and Remote Identities set on both, and it isn't coming up.
If I enable Passive Mode on the PAN, it hasn't actually responding to the IKE Phase 1 - even if I use a Static peer address instead of Dynamic. The system logs unfortunately also don't have anything showing up.
@reaper thanks for your patience. This was very helpful for troubleshooting. It is working now with Responder Mode and NAT-T enabled, and using the matching identities.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!