Re: Regarding auto configure option in AOL instant messenger.


comp.security.firewalls archive


From: Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca>
Date: Tue Jun 28 2005 - 21:16:07 CEST

In article <1119947714.917942.239890@g47g2000cwa.googlegroups.com>,
 <ravicse04@gmail.com> wrote:
:1) Branch office : NETGEAR FVS312 prosafe model
:2) Same in the HQ.
:3) HQ initiated the connection.
:4) branch office doesn't have static ip address and HQ has the static
:office address.

That could lead to problems.

As long as the VPN is connected, then the VPN rules can be written
in terms of internal IP subnets [I think -- though I don't know the
FVS318 well], but if the VPN is not connected, then it is difficult
to get the HQ firewall to connect to the dynamic IP without
reconfiguring the HQ firewall to reflect the current value of the
dynamic IP. If I recall correctly something that I skimmed over this
morning, then one approach would be to subscribe to one of the
dynamic DNS servers (it might have to be dyndns specifically, not sure)
and then the HQ FVS318 can do a DNS lookup of the current registered
IP and attempt to start the IPSec connection to there.

When one side has a dynamic IP and the other side does not, it is
very often much simpler to have the side with the dynamic IP initiate
the connection rather than the side with the static IP.

-- 
  "Who Leads?" / "The men who must... driven men, compelled men."
  "Freak men."
  "You're all freaks, sir. But you always have been freaks.
   Life is a freak. That's its hope and glory." -- Alfred Bester, TSMD
Received on Thu Sep 29 19:57:08 2005