Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > VPN between 2 Cisco routers (1 static, 1 dynamic) with access from stat --> dynamic over ISDN

Reply
Thread Tools

VPN between 2 Cisco routers (1 static, 1 dynamic) with access from stat --> dynamic over ISDN

 
 
Hans-Peter Walter
Guest
Posts: n/a
 
      01-14-2004
Hello,
I need a solution for the following problem:

We have got 1 Headquarter with a static IP for the Internet access and
several branch offices that connect over VPN using an Internet access
via DSL with a *dynamic* IP address. The connection works fine as long
as the Branch office initiates the connection.
If the headquarter wants to connect to a branch office (and the VPN is
down), it should use an ISDN line to dial in the branch office router,
then the branch office router should initiate the VPN tunnel and the
ISDN connection should timeout. That's the theory! We played around a
little bit and talked to several *specialists*, I saw a lot of
configurations, but none made it possible to dial via ISDN and let the
other Router initiate tunnel.
We even thought about using a kind of dyndns.org, but Cisco will
implement that earliest in Q3/2003 and we need another solution.
We have tested Bintec routers, they do exactly this scenario using the
d-channel of ISDN to let the other router initiate the VPN, but in
that scenario Bintec does not support NAT. It's a mess!

Amy suggestions or sample configs?
Thanx in advance and have good new year!
H.P.Walter
 
Reply With Quote
 
 
 
 
Hans-Peter Walter
Guest
Posts: n/a
 
      01-14-2004
Sorry, correct: Q3/2004
 
Reply With Quote
 
 
 
 
Masud Reza
Guest
Posts: n/a
 
      01-14-2004
Hi Walter:

I do not see any problem with the scenario that you have described.

A lot of implementations have 'ppp dialback' configured. This allows a
site to initiate a call, then terminate it and the remote site calls
back.

You can implement ppp dialback between your Headquater and your
branches.

As far as the VPN initiation is concerned, the VPN will automatically
initiate if your access-list defines the proper 'interesting' traffic
on the branch office side.

Masud









http://www.velocityreviews.com/forums/(E-Mail Removed) (Hans-Peter Walter) wrote in message news:<(E-Mail Removed). com>...
> Hello,
> I need a solution for the following problem:
>
> We have got 1 Headquarter with a static IP for the Internet access and
> several branch offices that connect over VPN using an Internet access
> via DSL with a *dynamic* IP address. The connection works fine as long
> as the Branch office initiates the connection.
> If the headquarter wants to connect to a branch office (and the VPN is
> down), it should use an ISDN line to dial in the branch office router,
> then the branch office router should initiate the VPN tunnel and the
> ISDN connection should timeout. That's the theory! We played around a
> little bit and talked to several *specialists*, I saw a lot of
> configurations, but none made it possible to dial via ISDN and let the
> other Router initiate tunnel.
> We even thought about using a kind of dyndns.org, but Cisco will
> implement that earliest in Q3/2003 and we need another solution.
> We have tested Bintec routers, they do exactly this scenario using the
> d-channel of ISDN to let the other router initiate the VPN, but in
> that scenario Bintec does not support NAT. It's a mess!
>
> Amy suggestions or sample configs?
> Thanx in advance and have good new year!
> H.P.Walter

 
Reply With Quote
 
Joe Bloggs
Guest
Posts: n/a
 
      01-21-2004
Hmmm ISDN and DSL into the branch office router.... Why dont you give them
seperate subnets and specify the ISDN as interesting to the DSL VPN
interface? In other words the remote router would see the isdn and
subsequent packets coming through as an internal host requesting that the
DSL and VPN link be brought up? (If it isn't already?) i.e. just push the
routing all the way round to a spare loopback on the original HQ router. I
dont see this being a problem.


Hans-Peter Walter wrote:

> Hello,
> I need a solution for the following problem:
>
> We have got 1 Headquarter with a static IP for the Internet access and
> several branch offices that connect over VPN using an Internet access
> via DSL with a *dynamic* IP address. The connection works fine as long
> as the Branch office initiates the connection.
> If the headquarter wants to connect to a branch office (and the VPN is
> down), it should use an ISDN line to dial in the branch office router,
> then the branch office router should initiate the VPN tunnel and the
> ISDN connection should timeout. That's the theory! We played around a
> little bit and talked to several *specialists*, I saw a lot of
> configurations, but none made it possible to dial via ISDN and let the
> other Router initiate tunnel.
> We even thought about using a kind of dyndns.org, but Cisco will
> implement that earliest in Q3/2003 and we need another solution.
> We have tested Bintec routers, they do exactly this scenario using the
> d-channel of ISDN to let the other router initiate the VPN, but in
> that scenario Bintec does not support NAT. It's a mess!
>
> Amy suggestions or sample configs?
> Thanx in advance and have good new year!
> H.P.Walter


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Why do I have to prefix stat from <sys/stat.h> with the keyword struct? Rolf Krüger C++ 2 03-12-2008 10:38 PM
Date & Time representation in "struct stat" - <sys/stat.h> Magesh C Programming 3 10-05-2007 12:13 PM
pc with isdn modem not connecte isdn 1841 router with isdn module sync Cisco 0 06-05-2007 10:10 AM
struct stat st; stat(fileName.c_str(), &st); hu? Steven T. Hatton C++ 3 06-02-2005 01:50 PM
os.stat('<filename>')[stat.ST_INO] on Windows Patrick Useldinger Python 6 03-03-2005 09:21 AM



Advertisments