DDNS FGT ipsec-tunnels sample

With a dynamic peer, you have to take in consideration that you can NOT id the dynamic endpoint via typical ipv4/ipv6 phase1-id

This is due to the fact that the peer-id is unknown. Here's a dynamic vpn cfgt  that  remote-peer that connects to a dynamic-dns defined peer.

Notice we have no ip-address defined?

In this next example, we have a hub setup that allows for a dynamic-host to connect and since we have no clue as to what it's address, we have to use a peerid-type that is defined for that peer.

 again notice no ip address!

NSE ( network security expert) and Route/Switching Engineer

kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^

=(  @  @ )=

         o

        /  \