VPN between 2 Cisco routers (1 static, 1 dynamic) with access from stat --> dynamic over ISDN

Discussion in 'Cisco' started by Hans-Peter Walter, Jan 14, 2004.

  1. Hello,
    I need a solution for the following problem:

    We have got 1 Headquarter with a static IP for the Internet access and
    several branch offices that connect over VPN using an Internet access
    via DSL with a *dynamic* IP address. The connection works fine as long
    as the Branch office initiates the connection.
    If the headquarter wants to connect to a branch office (and the VPN is
    down), it should use an ISDN line to dial in the branch office router,
    then the branch office router should initiate the VPN tunnel and the
    ISDN connection should timeout. That's the theory! We played around a
    little bit and talked to several *specialists*, I saw a lot of
    configurations, but none made it possible to dial via ISDN and let the
    other Router initiate tunnel.
    We even thought about using a kind of dyndns.org, but Cisco will
    implement that earliest in Q3/2003 and we need another solution.
    We have tested Bintec routers, they do exactly this scenario using the
    d-channel of ISDN to let the other router initiate the VPN, but in
    that scenario Bintec does not support NAT. It's a mess!

    Amy suggestions or sample configs?
    Thanx in advance and have good new year!
    H.P.Walter
     
    Hans-Peter Walter, Jan 14, 2004
    #1
    1. Advertising

  2. Sorry, correct: Q3/2004
     
    Hans-Peter Walter, Jan 14, 2004
    #2
    1. Advertising

  3. Hans-Peter Walter

    Masud Reza Guest

    Hi Walter:

    I do not see any problem with the scenario that you have described.

    A lot of implementations have 'ppp dialback' configured. This allows a
    site to initiate a call, then terminate it and the remote site calls
    back.

    You can implement ppp dialback between your Headquater and your
    branches.

    As far as the VPN initiation is concerned, the VPN will automatically
    initiate if your access-list defines the proper 'interesting' traffic
    on the branch office side.

    Masud









    (Hans-Peter Walter) wrote in message news:<>...
    > Hello,
    > I need a solution for the following problem:
    >
    > We have got 1 Headquarter with a static IP for the Internet access and
    > several branch offices that connect over VPN using an Internet access
    > via DSL with a *dynamic* IP address. The connection works fine as long
    > as the Branch office initiates the connection.
    > If the headquarter wants to connect to a branch office (and the VPN is
    > down), it should use an ISDN line to dial in the branch office router,
    > then the branch office router should initiate the VPN tunnel and the
    > ISDN connection should timeout. That's the theory! We played around a
    > little bit and talked to several *specialists*, I saw a lot of
    > configurations, but none made it possible to dial via ISDN and let the
    > other Router initiate tunnel.
    > We even thought about using a kind of dyndns.org, but Cisco will
    > implement that earliest in Q3/2003 and we need another solution.
    > We have tested Bintec routers, they do exactly this scenario using the
    > d-channel of ISDN to let the other router initiate the VPN, but in
    > that scenario Bintec does not support NAT. It's a mess!
    >
    > Amy suggestions or sample configs?
    > Thanx in advance and have good new year!
    > H.P.Walter
     
    Masud Reza, Jan 14, 2004
    #3
  4. Hans-Peter Walter

    Joe Bloggs Guest

    Re: VPN between 2 Cisco routers (1 static, 1 dynamic) with access fromstat --> dynamic over ISDN

    Hmmm ISDN and DSL into the branch office router.... Why dont you give them
    seperate subnets and specify the ISDN as interesting to the DSL VPN
    interface? In other words the remote router would see the isdn and
    subsequent packets coming through as an internal host requesting that the
    DSL and VPN link be brought up? (If it isn't already?) i.e. just push the
    routing all the way round to a spare loopback on the original HQ router. I
    dont see this being a problem.


    Hans-Peter Walter wrote:

    > Hello,
    > I need a solution for the following problem:
    >
    > We have got 1 Headquarter with a static IP for the Internet access and
    > several branch offices that connect over VPN using an Internet access
    > via DSL with a *dynamic* IP address. The connection works fine as long
    > as the Branch office initiates the connection.
    > If the headquarter wants to connect to a branch office (and the VPN is
    > down), it should use an ISDN line to dial in the branch office router,
    > then the branch office router should initiate the VPN tunnel and the
    > ISDN connection should timeout. That's the theory! We played around a
    > little bit and talked to several *specialists*, I saw a lot of
    > configurations, but none made it possible to dial via ISDN and let the
    > other Router initiate tunnel.
    > We even thought about using a kind of dyndns.org, but Cisco will
    > implement that earliest in Q3/2003 and we need another solution.
    > We have tested Bintec routers, they do exactly this scenario using the
    > d-channel of ISDN to let the other router initiate the VPN, but in
    > that scenario Bintec does not support NAT. It's a mess!
    >
    > Amy suggestions or sample configs?
    > Thanx in advance and have good new year!
    > H.P.Walter
     
    Joe Bloggs, Jan 21, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. hk
    Replies:
    0
    Views:
    1,950
  2. Anthony
    Replies:
    7
    Views:
    938
  3. Theo Markettos

    VOIP over VPN over TCP over WAP over 3G

    Theo Markettos, Feb 3, 2008, in forum: UK VOIP
    Replies:
    2
    Views:
    923
    Theo Markettos
    Feb 14, 2008
  4. Diego Balgera
    Replies:
    5
    Views:
    7,772
    Johann Lo
    Feb 8, 2008
  5. ahs
    Replies:
    1
    Views:
    859
Loading...

Share This Page