VPN between 2 Cisco routers (1 static, 1 dynamic) with access from stat --> dynamic over ISDN

Discussion in 'Cisco' started by Hans-Peter Walter, Jan 14, 2004.

  1. Hello,
    I need a solution for the following problem:

    We have got 1 Headquarter with a static IP for the Internet access and
    several branch offices that connect over VPN using an Internet access
    via DSL with a *dynamic* IP address. The connection works fine as long
    as the Branch office initiates the connection.
    If the headquarter wants to connect to a branch office (and the VPN is
    down), it should use an ISDN line to dial in the branch office router,
    then the branch office router should initiate the VPN tunnel and the
    ISDN connection should timeout. That's the theory! We played around a
    little bit and talked to several *specialists*, I saw a lot of
    configurations, but none made it possible to dial via ISDN and let the
    other Router initiate tunnel.
    We even thought about using a kind of dyndns.org, but Cisco will
    implement that earliest in Q3/2003 and we need another solution.
    We have tested Bintec routers, they do exactly this scenario using the
    d-channel of ISDN to let the other router initiate the VPN, but in
    that scenario Bintec does not support NAT. It's a mess!

    Any suggestions or sample configs?
    Thanx in advance and have a good new year!
    Hans-Peter Walter, Jan 14, 2004
  2. Sorry, correct: Q3/2004
    Hans-Peter Walter, Jan 14, 2004
  3. Hi Walter:

    I do not see any problem with the scenario that you have described.

    A lot of implementations have 'ppp dialback' configured. This allows a
    site to initiate a call, then terminate it and the remote site calls

    You can implement ppp dialback between your Headquarter and your

    As far as the VPN initiation is concerned, the VPN will automatically
    initiate if your access-list defines the proper 'interesting' traffic
    on the branch office side.

    Masud Reza, Jan 14, 2004
  4. Hmmm ISDN and DSL into the branch office router.... Why don't you give them
    separate subnets and specify the ISDN as interesting to the DSL VPN
    interface? In other words the remote router would see the isdn and
    subsequent packets coming through as an internal host requesting that the
    DSL and VPN link be brought up? (If it isn't already?) i.e. just push the
    routing all the way round to a spare loopback on the original HQ router. I
    don't see this being a problem.
    Joe Bloggs, Jan 21, 2004
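
The crypto side of what the replies above describe, as an added example that is not from any poster in the thread: the headquarters router accepts tunnels from unknown peer addresses through a dynamic crypto map and therefore can never initiate, while the branch brings the tunnel up whenever a packet matches its crypto access list. The addresses (192.0.2.1, 10.1.0.0/24, 10.2.0.0/24), interface names, map names and the key placeholder are assumptions.

```cisco
! ===== Headquarters router (static address 192.0.2.1, assumed) =====
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
! Branch addresses are unknown, so the pre-shared key must be a wildcard key.
! Any host that learns this key can negotiate with HQ: keep it long and
! random, or use per-branch certificates instead of a shared key.
crypto isakmp key REPLACE-WITH-KEY address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-aes esp-sha-hmac
! A dynamic map has no "set peer" and no "match address": HQ can only
! respond to a branch, it cannot start the tunnel itself.
crypto dynamic-map BRANCHES 10
 set transform-set TS
crypto map HQ 100 ipsec-isakmp dynamic BRANCHES
interface FastEthernet0/1
 description Internet uplink (assumed name)
 crypto map HQ
!
! ===== Branch router (dynamic DSL address, always the initiator) =====
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
crypto isakmp key REPLACE-WITH-KEY address 192.0.2.1
crypto ipsec transform-set TS esp-aes esp-sha-hmac
! "Interesting" traffic: branch LAN to HQ LAN. The first packet that
! matches this list and leaves via Dialer1 triggers IKE towards HQ.
access-list 101 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
crypto map BRANCH 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS
 match address 101
interface Dialer1
 description DSL uplink (assumed name)
 crypto map BRANCH
```

After the branch sends matching traffic, `show crypto isakmp sa` and `show crypto ipsec sa` on either router show whether the tunnel was negotiated.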
