VPN between 2 Cisco routers (1 static, 1 dynamic) with access from stat --> dynamic over ISDN

Discussion in 'Cisco' started by Hans-Peter Walter, Jan 14, 2004.

  1. Hans-Peter Walter

    Hans-Peter Walter Guest

    Hello,
    I need a solution for the following problem:

    We have got 1 Headquarter with a static IP for the Internet access and
    several branch offices that connect over VPN using an Internet access
    via DSL with a *dynamic* IP address. The connection works fine as long
    as the Branch office initiates the connection.
    If the headquarter wants to connect to a branch office (and the VPN is
    down), it should use an ISDN line to dial in the branch office router,
    then the branch office router should initiate the VPN tunnel and the
    ISDN connection should timeout. That's the theory! We played around a
    little bit and talked to several *specialists*, I saw a lot of
    configurations, but none made it possible to dial via ISDN and let the
    other Router initiate tunnel.
    We even thought about using a kind of dyndns.org, but Cisco will
    implement that earliest in Q3/2003 and we need another solution.
    We have tested Bintec routers, they do exactly this scenario using the
    d-channel of ISDN to let the other router initiate the VPN, but in
    that scenario Bintec does not support NAT. It's a mess!

    Amy suggestions or sample configs?
    Thanx in advance and have good new year!
    H.P.Walter
     
    Hans-Peter Walter, Jan 14, 2004
    #1

    1. Advertisements

  2. Hans-Peter Walter

    Hans-Peter Walter Guest

    Sorry, correct: Q3/2004
     
    Hans-Peter Walter, Jan 14, 2004
    #2

    1. Advertisements

  3. Hans-Peter Walter

    Masud Reza Guest

    Hi Walter:

    I do not see any problem with the scenario that you have described.

    A lot of implementations have 'ppp dialback' configured. This allows a
    site to initiate a call, then terminate it and the remote site calls
    back.

    You can implement ppp dialback between your Headquater and your
    branches.

    As far as the VPN initiation is concerned, the VPN will automatically
    initiate if your access-list defines the proper 'interesting' traffic
    on the branch office side.

    Masud
     
    Masud Reza, Jan 14, 2004
    #3
  4. Hans-Peter Walter

    Joe Bloggs Guest

    Hmmm ISDN and DSL into the branch office router.... Why dont you give them
    seperate subnets and specify the ISDN as interesting to the DSL VPN
    interface? In other words the remote router would see the isdn and
    subsequent packets coming through as an internal host requesting that the
    DSL and VPN link be brought up? (If it isn't already?) i.e. just push the
    routing all the way round to a spare loopback on the original HQ router. I
    dont see this being a problem.
     
    Joe Bloggs, Jan 21, 2004
    #4

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Building VPN's: Static/Dynamic//IOS/PIX/Cisco VPN Client/ all at the same time

  2. VPN between Cisco 837 (static IP) and Soho 97 (dynamic IP)

  3. VPN between Cisco 837 and cisco 837 with IP static and ip dinamic

  4. pc with isdn modem not connecte isdn 1841 router with isdn module

  5. VOIP over VPN over TCP over WAP over 3G

  6. VPN between peers with dynamic IP address and dynamic DNS

  7. Trying to access the PDM of a Cisco pix over a Remote Access VPN withCisco VPN Client

  8. VPN between Static & Dynamic addressed ASA

Loading...