Posted by alexd on July 22, 2009, 9:34 am
Check the SMTP inspection settings, although I can't think why it would work for a few days then stop.

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
14:32:57 up 77 days, 2:41, 2 users, load average: 0.09, 0.10, 0.09
A few flakes working together can unleash an avalanche of destruction

Posted by Martin on June 16, 2009, 1:22 am
> situation:
> i have cisco 1841 [headq] on static address and cisco 876 [branch office]
> on dynamic adsl address
> it is configured an ipsec vpn tunnel between them so both locations are
> part of corporate network [wan]
> when the tunnel is up, i may reach headq from branch, and branch from
> headq as well, this is ok
>
> problem:
> but, when 876 adsl address changes [regularly], obviously tunnel is going
> down, and i need incoming call [f.e. ping] from branch office to static
> headq [well known ip] to re-establish the tunnel. it is then ok for next
> period
>
> current solution:
> at branch office, i have one dedicated workstation always powered-on that
> serves as ping generator, to keep tunnel to headq on. i was not trying any
> solution based on dyndns or similar.
>
> question:
> is it possible to configure cisco 876 router to periodically issue ping [or
> something similar] on frequent basis [few minutes] to force tunnel
> re-establish after adsl address change
>
> any suggestions?
>
> thnx!

the post from bod43 looks on the money but I was just wondering how do you set up a vpn tunnel when one end is dynamic - I have always had to have static IPs at both ends )-:

Can someone post a config that shows the commands for the static end, e.g. what address do you use on the crypto commands at the static end?

cheers and thanks
martin

Posted by bod43 on June 17, 2009, 12:54 am
> > situation:
> > i have cisco 1841 [headq] on static address and cisco 876 [branch office]
> > on dynamic adsl address
> > it is configured an ipsec vpn tunnel between them so both locations are
> > part of corporate network [wan]
> > when the tunnel is up, i may reach headq from branch, and branch from
> > headq as well, this is ok
> >
> > problem:
> > but, when 876 adsl address changes [regularly], obviously tunnel is going
> > down, and i need incoming call [f.e. ping] from branch office to static
> > headq [well known ip] to re-establish the tunnel. it is then ok for next
> > period
> >
> > current solution:
> > at branch office, i have one dedicated workstation always powered-on that
> > serves as ping generator, to keep tunnel to headq on. i was not trying any
> > solution based on dyndns or similar.
> >
> > question:
> > is it possible to configure cisco 876 router to periodically issue ping [or
> > something similar] on frequent basis [few minutes] to force tunnel
> > re-establish after adsl address change
> >
> > any suggestions?
> >
> > thnx!
>
> the post from bod43 looks on the money but I was just wondering how do you
> set up a vpn tunnel when one end is dynamic - I have always had to have
> static IPs at both ends )-:
>
> Can someone post a config that shows the commands for the static end, e.g.
> what address do you use on the crypto commands at the static end?

I have the idea that you can do this with DMVPN. Dynamic Multipoint...

One possible disadvantage is that if someone gets hold of a remote router, they can then access your network from any IP address. I suppose there will be some mitigations available (e.g. restrict IP range to that of one ISP) and I suppose that you will be able to turn off a single router's access once you find out that it is missing.

Much guesswork above.

Posted by Uli Link on June 17, 2009, 6:34 am
bod43 wrote:
> One possible disadvantage is that if someone gets hold of
> a remote router, they can then access your network
> from any IP address. I suppose there will be some mitigations
> available (e.g. restrict IP range to that of one ISP) and I
> suppose that you will be able to turn off a single router's
> access once you find out that it is missing.

Revoke the certificate of the spoke router and it can't join the DMVPN network any more...

If you only have two or three spokes you may change the preshared key on the remaining ones, if you don't want a PKI.

--
ULi
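
A sketch of the setup the thread asks about, added here as an example and not posted by any participant: a dynamic crypto map on the static end (a different technique from the DMVPN suggested above) plus an IP SLA probe on the branch router in place of the ping workstation. All addresses, names, interfaces and the key are placeholder assumptions, and exact syntax varies by IOS release.

```cisco
! Added example. All names, addresses, interfaces and the key are placeholders.
! 192.0.2.1 = HQ static address, 10.1.0.0/24 = HQ LAN, 10.2.0.0/24 = branch LAN.
!
! ===== Both routers: matching phase 1 policy and transform set =====
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
! ===== HQ 1841 (static address) =====
! The peer address is unknown, so the key is matched against any source.
! Anyone holding this key can connect from any address; rotate it if a
! branch router is lost, or use certificates so one spoke can be revoked.
crypto isakmp key <PRESHARED-KEY> address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 30 5
! Dynamic map: no "set peer"; HQ only answers, it cannot initiate.
crypto dynamic-map DYN-BRANCH 10
 set transform-set TS-AES
crypto map VPN 10 ipsec-isakmp dynamic DYN-BRANCH
interface FastEthernet0/0
 crypto map VPN
!
! ===== Branch 876 (dynamic ADSL address) =====
crypto isakmp key <PRESHARED-KEY> address 192.0.2.1
! Dead peer detection clears stale SAs after the ADSL address changes.
crypto isakmp keepalive 30 5 periodic
ip access-list extended VPN-TO-HQ
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-AES
 match address VPN-TO-HQ
interface Dialer0
 crypto map VPN
! Router-generated probe replaces the always-on ping workstation.
! Sourced from the LAN interface so it matches VPN-TO-HQ and brings the
! tunnel up from the branch side. Older releases use "ip sla monitor" syntax.
ip sla 1
 icmp-echo 10.1.0.1 source-interface Vlan1
 frequency 60
ip sla schedule 1 life forever start-time now
```
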

> case, there is static ip, if it counts], and one of computers is not able
> to send mail. cisco passes just the first few hundreds of bytes over port
> 25
> [smtp] and then stops, so, from that very computer, it is possible to send
> only very short mails. after resetting the cisco 876-router, it sends mail
> correctly for next few days.