Hi all, I read that remote access over broadband connections like DSL with a dynamic IP was not possible except in the case of using DNS dynamic IP updating. My question is: are there any other ways of establishing a VPN site-to-site connection other than this with a dynamic IP? And is this setup, i.e. using the DNS dynamic IP updating, reliable?
Thanks
ASKED: November 21, 2005 12:37 AM
UPDATED: November 23, 2005 9:44 AM
I agree, the simplest way is to use static IP addresses on both ends, however I have extensively used a static host and a dynamic client in our network with no problems. I know that some of the routers will handle the connection and some will not. For example Cisco will while Linksys and Netopia will not. This option does allow for simple and inexpensive additions to the WAN.
I use a service from no-ip.com. It installs a little program on a computer at your site with a dynamic IP and updates a DNS listing for you. (You can have as many as you like; I am using it for 20, I think.) Then you can use a custom name like yourcompany.no-ip.com and it will always work, no matter what happens to your IP. Better than paying for the static IPs.
I agree that a static IP on both sides is best and less vulnerable to attack. There are some places you can't get a fixed IP.
If you can get a fixed IP address on one side, most of your non-consumer-grade firewalls will allow an aggressive mode IPSec VPN tunnel.
If you can't get a fixed IP on either end, you need to use a Dynamic DNS service. http://www.technopagan.org/dynamic/#TheList is a location for Dynamic DNS service providers. Your VPN solution needs to support URLs.
I have a solution in which I have used no-ip.com for 3 years, and the new SonicWALL firewalls will talk directly to no-ip.com, so no client is needed on a local system.
NO-IP IS A GOOD IDEA. YOU MAY ALSO WISH TO CONSIDER THESE AS POSSIBLE CREATIVE SOLUTIONS. THEY ARE: NOMACHINEDOTCOM (SEARCH FOR FREENX), LINUXVIRTUALSERVERDOTORG (HAS TRAFFIC MANAGEMENT AS ONE FEATURE), VMWAREDOTCOM, LINUX-HADOTORG/HEARTBEATPROGRAM (HEARTBEAT WILL QUICKLY RESTART FROM A MACHINE (OR VIRTUAL MACHINE) CRASH). MOST, IF NOT ALL, OF THESE PROGRAMS ARE OS INDEPENDENT. ALTHOUGH NOT A DIRECT ANSWER TO YOUR QUESTION, I HOPE THIS WILL HELP. TIM.
Thanks everyone for all of your replies; the info was extremely beneficial. I would like to use static IPs on both ends, but unfortunately where we are located our local ISP (only one for the country) only provides static IPs for leased lines, which come with a hefty price increase over the DSL.
If we went the DNS dynamic IP updating route, how difficult is this to configure and maintain? I read that you will lose emails which were sent at the time the DNS servers are being updated with the new IP.
Also what specific routers would you recommend for this setup?
Thanks in advance
Greg
If you have an email server on-site, I know no-ip.com and dynip.com have options where your MX record goes to them and you can pull the email off their site. This eliminates any loss of email while the DNS servers are updated. But to tell the truth, for the 3 years I have used no-ip.com I have had no noticeable drop in my VPN tunnel.
From all aspects they talk reliable. Here is one I read up on and liked what they offered: http://dns2go.deerfield.com/ It makes sense what you are trying to do. Another thing to assess here is: do you need to host these mail or web apps from your own DSL line? With hosting plans as cheap as they are these days, you can benefit from their huge data centers, not only for a redundant backbone to the internet, but their backing up of your email and web etc. For a small chunk of change you can get all the bells and whistles along with the security that they can offer as well. Then just keep your DSL for your regular internet usage. Lots of people these days love the fact that for a low price they get their email hosted, filtered and virus checked from a provider, making it more convenient and hands off. I totally recommend it.