Router (Dynamic IP) to PIX (static) VPN, how to force router to connect?

Discussion in 'Cisco' started by Scott Townsend, May 12, 2005.

  1. I just installed a second 1721 router at a remote site and it connects to HQ
    via IPSec VPN. Works Great when I have a laptop there on site and its
    actively communicating back to the HQ Subnet. There is only one device
    there at the remote location and its just a web server of sorts, so it only
    talks when its spoken to.

    My problem is that since the remote site is on DSL, the VPN drops here and
    there. Since the only device at the remote location does not talk unless
    spoken to, it never tries to bring up the VPN connection.

    Is there a way to make the router keep the VPN connection up even if there
    is no traffic destined to the remote network?

    The DSL Service is a Dynamic IP, so I can have HQ bring up the connection to
    the remote. I was hoping for some keep-alive that I can set up in the
    router to ping the HQ subnet every once in a while.

    Thanks,
    Scott<-
     
    Scott Townsend, May 12, 2005
    #1
    1. Advertisements

  2. hey scott

    how about setting up a routing-protocol inside of
    the tunnel? - so the remotrouter tries to reach its
    neighbour and opens the connection

    greetz, curtis
     
    Curtis M. West, May 12, 2005
    #2
    1. Advertisements

  3. Hmmm... that's a thought. We have EIGRP at HQ. I should be able to
    configure that....

    Though How do I set it up so it does not include the Outside Interface, but
    then still passes the Traffic back to the HQ Subnet?

    Thanks!

    Scott<-
     
    Scott Townsend, May 12, 2005
    #3
  4. Scott Townsend

    Frank Durham Guest

    there is a command called "passive-interface". That shoudl get the job
    done. If I understan you correctly.

    Frank
     
    Frank Durham, May 12, 2005
    #4
  5. So I'm Setup As Follows:

    10.10.1.1 - Core Router @ HQ
    10.10.1.2 - PIX @ HQ, Connects to outside/Internet

    SBC/DSL Dynamic IP Outside E0
    10.20.1.1 Inside Interface @ Remote Site

    On the Both the Core and Remote Routers I have:
    router eigrp 2
    network 10.0.0.0
    default-metric 1000 100 255 1 1500
    no auto-summary
    no eigrp log-neighbor-changes

    Though doing a Show Ip Route, does not give me information about the other
    ends from either router.
    If I try to add a neighbor, it wants it to be on a Subnet that is directly
    connected to the router. Is there another way to tell it who one if its
    neighbors is?

    Thanks,
    Scott<-
     
    Scott Townsend, May 13, 2005
    #5
  6. Hey Curtis,

    I've looked at a few Routing Protocols and Tried to get EIGRP to do what I
    want though I can only configure a Neighbor that is Directly Connected.

    Any Suggestions?

    Thanks,
    Scott<-
     
    Scott Townsend, May 23, 2005
    #6
  7. Scott Townsend

    djd Guest

    IPSec doesn't forward multicast traffic, which most routing protocols use (you
    could use BGP). However, an alternative might be to configure NTP in the remote
    router and specify the local ethernet interface as the source of the NTP traffic
    and an NTP server at HQ, that may be enough to keep the tunnel up, even if
    there's not really an NTP server at HQ.

    HTH - Good luck!
     
    djd, Jul 3, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.