Router (Dynamic IP) to PIX (static) VPN, how to force router to connect?

Discussion in 'Cisco' started by Scott Townsend, May 12, 2005.

  1. I just installed a second 1721 router at a remote site and it connects to HQ
    via IPSec VPN. Works Great when I have a laptop there on site and it's
    actively communicating back to the HQ Subnet. There is only one device
    there at the remote location and it's just a web server of sorts, so it only
    talks when it's spoken to.

    My problem is that since the remote site is on DSL, the VPN drops here and
    there. Since the only device at the remote location does not talk unless
    spoken to, it never tries to bring up the VPN connection.

    Is there a way to make the router keep the VPN connection up even if there
    is no traffic destined to the remote network?

    The DSL Service is a Dynamic IP, so I can have HQ bring up the connection to
    the remote. I was hoping for some keep-alive that I can set up in the
    router to ping the HQ subnet every once in a while.

    Thanks,
    Scott<-
    Scott Townsend, May 12, 2005
    #1

  2. hey scott

    how about setting up a routing-protocol inside of
    the tunnel? - so the remote router tries to reach its
    neighbour and opens the connection

    greetz, curtis
    Curtis M. West, May 12, 2005
    #2

  3. Hmmm... that's a thought. We have EIGRP at HQ. I should be able to
    configure that....

    Though How do I set it up so it does not include the Outside Interface, but
    then still passes the Traffic back to the HQ Subnet?

    Thanks!

    Scott<-
    Scott Townsend, May 12, 2005
    #3
  4. Frank Durham Guest

    There is a command called "passive-interface". That should get the job
    done, if I understand you correctly.

    Frank
    Frank Durham, May 12, 2005
    #4
  5. So I'm Setup As Follows:

    10.10.1.1 - Core Router @ HQ
    10.10.1.2 - PIX @ HQ, Connects to outside/Internet

    SBC/DSL Dynamic IP Outside E0
    10.20.1.1 Inside Interface @ Remote Site

    On both the Core and Remote Routers I have:
    router eigrp 2
    network 10.0.0.0
    default-metric 1000 100 255 1 1500
    no auto-summary
    no eigrp log-neighbor-changes

    Though doing a Show Ip Route, does not give me information about the other
    ends from either router.
    If I try to add a neighbor, it wants it to be on a Subnet that is directly
    connected to the router. Is there another way to tell it who one of its
    neighbors is?

    Thanks,
    Scott<-
    Scott Townsend, May 13, 2005
    #5
  6. Hey Curtis,

    I've looked at a few Routing Protocols and Tried to get EIGRP to do what I
    want though I can only configure a Neighbor that is Directly Connected.

    Any Suggestions?

    Thanks,
    Scott<-
    Scott Townsend, May 23, 2005
    #6
  7. djd Guest

    Re: Router (Dynamic IP) to PIX (static) VPN, how to force router to connect?

    IPSec doesn't forward multicast traffic, which most routing protocols use (you
    could use BGP). However, an alternative might be to configure NTP in the remote
    router and specify the local ethernet interface as the source of the NTP traffic
    and an NTP server at HQ, that may be enough to keep the tunnel up, even if
    there's not really an NTP server at HQ.

    HTH - Good luck!
    djd, Jul 3, 2005
    #7
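
djd's NTP suggestion and the periodic ping Scott asked for in the first post, written out as remote-router IOS configuration. This is an added example, not configuration posted by anyone in the thread; the /24 masks, ACL number 101, the FastEthernet0 inside interface name and the availability of the `rtr` probe (IOS 12.x SAA syntax, renamed `ip sla` in later releases) are assumptions.

```cisco
! Added example, not from the thread.
! Assumed: /24 masks, ACL 101 is the ACL referenced by the crypto map
! ("match address 101"), FastEthernet0 is the inside interface (10.20.1.1).
!
! Interesting traffic for the tunnel: remote LAN -> HQ LAN.
access-list 101 permit ip 10.20.1.0 0.0.0.255 10.10.1.0 0.0.0.255
!
! Option 1 (djd's suggestion): NTP polls sourced from the inside interface.
! The packets carry source 10.20.1.1, so they match ACL 101 and make the
! router negotiate the tunnel. Sourced from the outside interface they
! would carry the DSL address, miss ACL 101 and leave unencrypted.
! 10.10.1.1 is the HQ core router from post #5; it does not have to answer.
ntp server 10.10.1.1 source FastEthernet0
!
! Option 2 (the "ping every once in a while" from post #1):
! an ICMP echo probe every 60 seconds, again sourced from the inside address.
rtr 1
 type echo protocol ipIcmpEcho 10.10.1.1 source-ipaddr 10.20.1.1
 frequency 60
rtr schedule 1 life forever start-time now
!
! Checks from exec mode after the DSL line has bounced:
!   show crypto isakmp sa      (phase 1 re-established by the router)
!   show crypto ipsec sa       (encaps/decaps counters increasing)
!   show ntp associations      (poll activity toward 10.10.1.1)
```

Either option is enough on its own; the point in both is the source address, since only traffic matching the crypto ACL brings the tunnel up and travels inside it.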