Re-establishing VPN connection when ISP forces new IP address

Discussion in 'Cisco' started by polarbear2008, May 26, 2008.

  1. We are using a CISCO router (851) in Greenland to connect to be able
    to connect from our facility in Colorado to a GPS receiver in
    Greenland. TeleGreenland charges a lot for a fixed IP address using a
    ADSL modem, so we are trying to VPN to our facility using the CISCO
    router through the much less expensive dynamic IP address option. We
    are able to VPN successfully for a short while, but appears the ISP
    forces a new IP address every so often, which breaks our VPN tunnel.
    So far we have not been able find a solution for re-establishing the
    VPN tunnel once the IP address is changed. Does anyone have any
    suggestions on how to program the router to circumnavigate this
    problem? Thanks...Thomas
     
    polarbear2008, May 26, 2008
    #1
    1. Advertising

  2. polarbear2008

    News Reader Guest

    Is the IP address change occurring because you are not keeping the ADSL
    connection "UP"?

    More likely to maintain a consistent dynamically assigned IP with a
    persistent UP state (i.e.: renew an existing lease vs. trying to lease
    an IP you previously relinquished).

    Consider reversing the direction of connection initiation. Have the
    Greenland device initiate a persistent VPN connection to Colorado
    (assuming that your IP is static in Colorado).

    polarbear2008 wrote:
    > We are using a CISCO router (851) in Greenland to connect to be able
    > to connect from our facility in Colorado to a GPS receiver in
    > Greenland. TeleGreenland charges a lot for a fixed IP address using a
    > ADSL modem, so we are trying to VPN to our facility using the CISCO
    > router through the much less expensive dynamic IP address option. We
    > are able to VPN successfully for a short while, but appears the ISP
    > forces a new IP address every so often, which breaks our VPN tunnel.
    > So far we have not been able find a solution for re-establishing the
    > VPN tunnel once the IP address is changed. Does anyone have any
    > suggestions on how to program the router to circumnavigate this
    > problem? Thanks...Thomas


    Best Regards,
    News Reader
     
    News Reader, May 26, 2008
    #2
    1. Advertising

  3. polarbear2008

    Dan Lanciani Guest

    In article <>, (polarbear2008) writes:

    | We are using a CISCO router (851) in Greenland to connect to be able
    | to connect from our facility in Colorado to a GPS receiver in
    | Greenland. TeleGreenland charges a lot for a fixed IP address using a
    | ADSL modem, so we are trying to VPN to our facility using the CISCO
    | router through the much less expensive dynamic IP address option. We
    | are able to VPN successfully for a short while, but appears the ISP
    | forces a new IP address every so often, which breaks our VPN tunnel.
    | So far we have not been able find a solution for re-establishing the
    | VPN tunnel once the IP address is changed. Does anyone have any
    | suggestions on how to program the router to circumnavigate this
    | problem?

    What exactly are you using for the tunnel? One approach that would
    probably work is a multi-point GRE tunnel with NHRP so the dynamic
    side can update the other end's notion of its address.

    Dan Lanciani
    ddl@danlan.*com
     
    Dan Lanciani, May 26, 2008
    #3
  4. polarbear2008

    Al Guest

    On May 26, 8:14 pm, ddl@danlan.*com (Dan Lanciani) wrote:
    > In article <>, (polarbear2008) writes:
    >
    > | We are using a CISCO router (851) in Greenland to connect to be able
    > | to connect from our facility in Colorado to a GPS receiver in
    > | Greenland. TeleGreenland charges a lot for a fixed IP address using a
    > | ADSL modem, so we are trying to VPN to our facility using the CISCO
    > | router through the much less expensive dynamic IP address option. We
    > | are able to VPN successfully for a short while, but appears the ISP
    > | forces a new IP address every so often, which breaks our VPN tunnel.
    > | So far we have not been able find a solution for re-establishing the
    > | VPN tunnel once the IP address is changed. Does anyone have any
    > | suggestions on how to program the router to circumnavigate this
    > | problem?
    >
    > What exactly are you using for the tunnel? One approach that would
    > probably work is a multi-point GRE tunnel with NHRP so the dynamic
    > side can update the other end's notion of its address.
    >
    > Dan Lanciani
    > ddl@danlan.*com


    Another option would be to setup the 851 as an EasyVPN client in
    network-extension mode, to a Cisco device in Colorado acting as the
    'server' - but this again assumes the server end has a fixed IP. I
    would suggest this is OK if you're only connecting two sites - if you
    want to add more sites connecting to the one in Greenland, then maybe
    DMVPN (mGRE tunnelling with IPSec profiles as above) is a better way
    forward.

    Cisco IOS IPSec VPN technology page:
    http://www.cisco.com/en/US/products/ps6635/products_ios_protocol_group_home.html
     
    Al, May 27, 2008
    #4
  5. Thanks for all of your suggestions. We found a solution to our
    problem. We setup both Syslog logging and NTP to sync with servers on
    our VPN-only accessible network, thus forcing the router to re-
    establish the VPN tunnel if only to sync with the NTP server and
    deliver logging messages. We are also running a 'kron' a few times a
    day to ensure the tunnel stays up.

    -Thomas
     
    polarbear2008, May 29, 2008
    #5
  6. Thanks for all of your suggestions. We found a solution to our
    problem. We setup both Syslog logging and NTP to sync with servers on
    our VPN-only accessible network, thus forcing the router to re-
    establish the VPN tunnel if only to sync with the NTP server and
    deliver logging messages. We are also running a 'kron' a few times a
    day to ensure the tunnel stays up.

    -Thomas
     
    polarbear2008, May 29, 2008
    #6
  7. polarbear2008

    Steven B Guest

    On May 27, 1:35 pm, Al <> wrote:
    > On May 26, 8:14 pm, ddl@danlan.*com (Dan Lanciani) wrote:
    >
    >
    >
    >
    >
    > > In article <>, (polarbear2008) writes:

    >
    > > | We are using a CISCO router (851) in Greenland to connect to be able
    > > | to connect from our facility in Colorado to a GPS receiver in
    > > | Greenland.  TeleGreenland charges a lot for a fixed IP address using a
    > > | ADSL modem, so we are trying to VPN to our facility using the CISCO
    > > | router through the much less expensive dynamic IP address option.  We
    > > | are able to VPN successfully for a short while, but appears the ISP
    > > | forces a new IP address every so often, which breaks our VPN tunnel.
    > > | So far we have not been able find a solution for re-establishing the
    > > | VPN tunnel once the IP address is changed.  Does anyone have any
    > > | suggestions on how to program the router to circumnavigate this
    > > | problem?

    >
    > > What exactly are you using for the tunnel?  One approach that would
    > > probably work is a multi-point GRE tunnel with NHRP so the dynamic
    > > side can update the other end's notion of its address.

    >
    > >                                 Dan Lanciani
    > >                                 ddl@danlan.*com

    >
    > Another option would be to setup the 851 as an EasyVPN client in
    > network-extension mode, to a Cisco device in Colorado acting as the
    > 'server' - but this again assumes the server end has a fixed IP. I
    > would suggest this is OK if you're only connecting two sites - if you
    > want to add more sites connecting to the one in Greenland, then maybe
    > DMVPN (mGRE tunnelling with IPSec profiles as above) is a better way
    > forward.
    >
    > Cisco IOS IPSec VPN technology page:http://www.cisco.com/en/US/products/ps6635/products_ios_protocol_grou...- Hide quoted text -
    >
    > - Show quoted text -


    EasyVPN is a really good option for these scenarios. We use it for
    many sites that have smaller Cable/DSL based ISPs.
     
    Steven B, May 29, 2008
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. news.microsoft.com

    Establishing Bluetooth network connection with PDA

    news.microsoft.com, Nov 22, 2004, in forum: Wireless Networking
    Replies:
    0
    Views:
    772
    news.microsoft.com
    Nov 22, 2004
  2. Paul
    Replies:
    4
    Views:
    501
    Ivan Ostres
    Feb 13, 2004
  3. ggeo99

    Re: Trouble Establishing Wireless Connection

    ggeo99, Jan 22, 2006, in forum: Wireless Networking
    Replies:
    0
    Views:
    1,216
    ggeo99
    Jan 22, 2006
  4. James
    Replies:
    9
    Views:
    28,401
    James
    Mar 6, 2006
  5. Lukus

    Delay In Establishing Internet Connection

    Lukus, Jan 1, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    1,819
    Lukus
    Jan 1, 2004
Loading...

Share This Page