- Posts: 1
- Thank you received: 0
DDNS Problem
- muneerhussein
- Topic Author
- Offline
- New Member
-
Less
More
13 years 3 months ago #35992
by muneerhussein
DDNS Problem was created by muneerhussein
Dear all,
have Cisco 837 router in the main office for a company so there are 10 branches should be connected with the main office using VPN so the configuration is opertional and tested by making a connection using Cisco VPN client program but the problem now is changing the ip address so I did the following:
1- create an account in no-ip website the account is :
muneertest.no-ip.info
email:alfaidhi@gmail.com
password:123456
2- do the ddns configuration as the following:
sh run
Building configuration...
Current configuration : 4096 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
no logging buffered
enable secret 5 $1$/M.M$JyYjWejFmPXvEpxgP6A5k.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
--More-- aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
!
ip dhcp pool cisco
network 192.168.0.0 255.255.255.0
default-router 192.168.0.254
dns-server 65.162.184.33 65.162.184.34
!
!
ip cef
ip name-server 82.114.162.33
ip name-server 82.114.162.34
no ip ips deny-action ips-interface
ip ddns update method MYUPDATE
HTTP
add http://alfaidhi@gmail.com:123456@dynupdate.no-ip.com/nic/update?hostname=<h>
--More-- interval maximum 0 0 5 0
!
!
!
!
username test privilege 15 password 0 123456
username admin privilege 15 password 0 123456
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group CISCOGROUP
key cisco123
pool SDM_POOL_1
acl 100
netmask 255.255.255.0
!
--More-- !
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Ethernet0
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
hold-queue 100 out
!
interface Ethernet2
--More-- no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
--More-- duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer0
ip ddns update hostname muneertest.no-ip.info
ip ddns update MYUPDATE
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname munee1
ppp chap password 0 123456
ppp pap sent-username muneer1 password 0 123456
crypto map SDM_CMAP_1
!
--More-- ip local pool SDM_POOL_1 192.168.0.150 192.168.0.160
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
ip dns server
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.150
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.151
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.152
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.153
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.154
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.155
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.156
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.157
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.158
--More-- access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.159
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.160
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
!
scheduler max-task-time 5000
end
Router#
And this is the debug output:
*Mar 1 10:29:36.971: DYNDNSUPD: Adding DNS mapping for muneertest.no-ip.info <=
> 109.200.168.194
*Mar 1 10:29:36.971: HTTPDNS: Update add called for muneertest.no-ip.info <=> 109.200.168.194
*Mar 1 10:29:36.971: HTTPDNSUPD: Session ID = 0x17
*Mar 1 10:29:36.971: HTTPDNSUPD: URL = 'http://alfaidhi@gmail.com:123456@dynupd//alfaidhi@gmail.com:123456@dynupd
ate.no-ip.com/nic/update?hostname=muneertest.no-ip.info&myip=109.200.168.194'
*Mar 1 10:29:36.971: HTTPDNSUPD: Sending request
*Mar 1 10:29:57.023: HTTPDNSUPD: Call returned Connection time out for update m
uneertest.no-ip.info <=> 109.200.168.194
*Mar 1 10:29:57.023: DYNDNSUPD: Another update completed (outstanding=0, total=
0)
*Mar 1 10:29:57.023: HTTPDNSUPD: Clearing all session 23 info
Please note this:
This ip [ 109.200.168.194] which appear in the debug is the current ip address for the dialer 0 and that is good but when I ping to muneertest.no-ip.com the reply return from the ip address which written when I added the host in the no-ip account as shown in the attached image so this is written [ like something static ] how can the router change it !! ?? or maybe the host creation is wrong.
Waiting for your answer ..
Regards.
alfaidhi@gmail.com
have Cisco 837 router in the main office for a company so there are 10 branches should be connected with the main office using VPN so the configuration is opertional and tested by making a connection using Cisco VPN client program but the problem now is changing the ip address so I did the following:
1- create an account in no-ip website the account is :
muneertest.no-ip.info
email:alfaidhi@gmail.com
password:123456
2- do the ddns configuration as the following:
sh run
Building configuration...
Current configuration : 4096 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
no logging buffered
enable secret 5 $1$/M.M$JyYjWejFmPXvEpxgP6A5k.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
--More-- aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
!
ip dhcp pool cisco
network 192.168.0.0 255.255.255.0
default-router 192.168.0.254
dns-server 65.162.184.33 65.162.184.34
!
!
ip cef
ip name-server 82.114.162.33
ip name-server 82.114.162.34
no ip ips deny-action ips-interface
ip ddns update method MYUPDATE
HTTP
add http://alfaidhi@gmail.com:123456@dynupdate.no-ip.com/nic/update?hostname=<h>
--More-- interval maximum 0 0 5 0
!
!
!
!
username test privilege 15 password 0 123456
username admin privilege 15 password 0 123456
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group CISCOGROUP
key cisco123
pool SDM_POOL_1
acl 100
netmask 255.255.255.0
!
--More-- !
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Ethernet0
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
hold-queue 100 out
!
interface Ethernet2
--More-- no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
--More-- duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer0
ip ddns update hostname muneertest.no-ip.info
ip ddns update MYUPDATE
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname munee1
ppp chap password 0 123456
ppp pap sent-username muneer1 password 0 123456
crypto map SDM_CMAP_1
!
--More-- ip local pool SDM_POOL_1 192.168.0.150 192.168.0.160
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
ip dns server
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.150
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.151
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.152
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.153
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.154
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.155
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.156
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.157
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.158
--More-- access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.159
access-list 101 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.160
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
!
scheduler max-task-time 5000
end
Router#
And this is the debug output:
*Mar 1 10:29:36.971: DYNDNSUPD: Adding DNS mapping for muneertest.no-ip.info <=
> 109.200.168.194
*Mar 1 10:29:36.971: HTTPDNS: Update add called for muneertest.no-ip.info <=> 109.200.168.194
*Mar 1 10:29:36.971: HTTPDNSUPD: Session ID = 0x17
*Mar 1 10:29:36.971: HTTPDNSUPD: URL = 'http://alfaidhi@gmail.com:123456@dynupd//alfaidhi@gmail.com:123456@dynupd
ate.no-ip.com/nic/update?hostname=muneertest.no-ip.info&myip=109.200.168.194'
*Mar 1 10:29:36.971: HTTPDNSUPD: Sending request
*Mar 1 10:29:57.023: HTTPDNSUPD: Call returned Connection time out for update m
uneertest.no-ip.info <=> 109.200.168.194
*Mar 1 10:29:57.023: DYNDNSUPD: Another update completed (outstanding=0, total=
0)
*Mar 1 10:29:57.023: HTTPDNSUPD: Clearing all session 23 info
Please note this:
This ip [ 109.200.168.194] which appear in the debug is the current ip address for the dialer 0 and that is good but when I ping to muneertest.no-ip.com the reply return from the ip address which written when I added the host in the no-ip account as shown in the attached image so this is written [ like something static ] how can the router change it !! ?? or maybe the host creation is wrong.
Waiting for your answer ..
Regards.
alfaidhi@gmail.com
Time to create page: 0.142 seconds