initialize a vpn connection from the router itself

Discussion in 'Cisco' started by dt1649651@yahoo.com, Aug 9, 2005.

  1. Guest

    I configure a router 877 at home to connect to my office router via
    IPSEC. It works great but I have a small problem that I can not
    initiate a VPN connection when I ping my office network from my router
    itself.

    I have to ping from one of my workstations at home in order to
    initialize the VPN connection if it is not established yet.

    Is there any way for me to do it from the router itself ? I need to do
    this because sometimes I access to my router remotely and want to do
    some tests.

    Thanks for your help,

    DT
    , Aug 9, 2005
    #1
    1. Advertising

  2. In article <>,
    <> wrote:
    :I configure a router 877 at home to connect to my office router via
    :IPSEC. It works great but I have a small problem that I can not
    :initiate a VPN connection when I ping my office network from my router
    :itself.

    Yeah, that happens. I think if you check your ACL that describes
    what is to be tunneled, you will find that the outside IP address of the
    router itself is not listed as a tunnel source.
    --
    Look out, there are llamas!
    Walter Roberson, Aug 9, 2005
    #2
    1. Advertising

  3. RobO Guest

    Hi,

    Have you tried using an extended ping?
    This allows you to ping from a specific interface on the router.
    I imagine your VPN match access-lists imply the internal networks on
    both sides?

    Type "ping" hit enter
    hit enter again for the default "protocol ip"
    enter destination ip address
    hit enter till you get the extended commands (y)
    and type in the source ip address being your internal interface on the
    router.

    Rob.
    RobO, Aug 9, 2005
    #3
  4. Scooby Guest

    <> wrote in message
    news:...
    > I configure a router 877 at home to connect to my office router via
    > IPSEC. It works great but I have a small problem that I can not
    > initiate a VPN connection when I ping my office network from my router
    > itself.
    >
    > I have to ping from one of my workstations at home in order to
    > initialize the VPN connection if it is not established yet.
    >
    > Is there any way for me to do it from the router itself ? I need to do
    > this because sometimes I access to my router remotely and want to do
    > some tests.
    >
    > Thanks for your help,
    >
    > DT
    >


    Does your home network have a static IP address? If not, then your work
    router probably just has the connection address of 0.0.0.0 associated to
    that connection. Given that, there is no way for the work router to know
    how to connect to your home. One option is to have some keep alives going
    across the network which will keep the connection up. If you have a routing
    protocol on the vpn connection, then your home router should always keep the
    connection open.
    Scooby, Aug 9, 2005
    #4
  5. Guest

    Walter Roberson wrote:
    > In article <>,
    > <> wrote:
    > :I configure a router 877 at home to connect to my office router via
    > :IPSEC. It works great but I have a small problem that I can not
    > :initiate a VPN connection when I ping my office network from my router
    > :itself.
    >
    > Yeah, that happens. I think if you check your ACL that describes
    > what is to be tunneled, you will find that the outside IP address of the
    > router itself is not listed as a tunnel source.


    Hi Walter,

    Thanks for explanation. Yes, I turned on the debug and I saw that but
    dunno how to pass it. I am sure there is a way to do it because when I
    used the SDM, it asked me if I want it to test by itself ( it means it
    will run commands from the router ) or by an external workstation.

    DT
    , Aug 9, 2005
    #5
  6. Guest

    RobO wrote:
    > Hi,
    >
    > Have you tried using an extended ping?
    > This allows you to ping from a specific interface on the router.
    > I imagine your VPN match access-lists imply the internal networks on
    > both sides?
    >
    > Type "ping" hit enter
    > hit enter again for the default "protocol ip"
    > enter destination ip address
    > hit enter till you get the extended commands (y)
    > and type in the source ip address being your internal interface on the
    > router.
    >


    Thanks Rob for the "extended" command. Yes, it works !

    DT
    , Aug 9, 2005
    #6
  7. Guest

    Scooby wrote:
    >
    > Does your home network have a static IP address? If not, then your work
    > router probably just has the connection address of 0.0.0.0 associated to
    > that connection. Given that, there is no way for the work router to know
    > how to connect to your home. One option is to have some keep alives going
    > across the network which will keep the connection up. If you have a routing
    > protocol on the vpn connection, then your home router should always keep the
    > connection open.


    Thanks for your reply, Scooby. My home network does not have a static
    IP address ( I wish I had ) . I do not need to keep the connection
    alive all the time. I want to try different VPN configurations between
    my 877 and my work router so I can apply them to my co-workers's home
    networks, therefore I have to close and initiate the VPN connections.

    My problem is on the ACL for the protected networks. As Walter and Rob
    suggested, I used the extended ping command and it works.

    DT
    , Aug 9, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    880
  2. Tafari

    Defrag cannot initialize

    Tafari, Feb 28, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    422
    Tafari
    Mar 1, 2004
  3. PuppyKatt

    Mystery Program cannot initialize

    PuppyKatt, Jun 2, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    595
    PuppyKatt
    Jun 8, 2004
  4. fitwell

    "Unable to initialize DAO-Jet engine"?

    fitwell, Feb 22, 2005, in forum: Computer Support
    Replies:
    4
    Views:
    3,084
    Blinky the Shark
    Feb 24, 2005
  5. Rob
    Replies:
    0
    Views:
    430
Loading...

Share This Page