Re-establishing VPN connection when ISP forces new IP address

We are using a CISCO router (851) in Greenland to connect to be able to connect from our facility in Colorado to a GPS receiver in Greenland. TeleGreenland charges a lot for a fixed IP address using a ADSL modem, so we are trying to VPN to our facility using the CISCO router through the much less expensive dynamic IP address option. We are able to VPN successfully for a short while, but appears the ISP forces a new IP address every so often, which breaks our VPN tunnel. So far we have not been able find a solution for re-establishing the VPN tunnel once the IP address is changed. Does anyone have any suggestions on how to program the router to circumnavigate this problem? Thanks...Thomas

Reply to
polarbear2008
Loading thread data ...

Is the IP address change occurring because you are not keeping the ADSL connection "UP"?

More likely to maintain a consistent dynamically assigned IP with a persistent UP state (i.e.: renew an existing lease vs. trying to lease an IP you previously relinquished).

C> We are using a CISCO router (851) in Greenland to connect to be able

Best Regards, News Reader

Reply to
News Reader

| We are using a CISCO router (851) in Greenland to connect to be able | to connect from our facility in Colorado to a GPS receiver in | Greenland. TeleGreenland charges a lot for a fixed IP address using a | ADSL modem, so we are trying to VPN to our facility using the CISCO | router through the much less expensive dynamic IP address option. We | are able to VPN successfully for a short while, but appears the ISP | forces a new IP address every so often, which breaks our VPN tunnel. | So far we have not been able find a solution for re-establishing the | VPN tunnel once the IP address is changed. Does anyone have any | suggestions on how to program the router to circumnavigate this | problem?

What exactly are you using for the tunnel? One approach that would probably work is a multi-point GRE tunnel with NHRP so the dynamic side can update the other end's notion of its address.

Dan Lanciani ddl@danlan.*com

Reply to
Dan Lanciani

Another option would be to setup the 851 as an EasyVPN client in network-extension mode, to a Cisco device in Colorado acting as the 'server' - but this again assumes the server end has a fixed IP. I would suggest this is OK if you're only connecting two sites - if you want to add more sites connecting to the one in Greenland, then maybe DMVPN (mGRE tunnelling with IPSec profiles as above) is a better way forward.

Cisco IOS IPSec VPN technology page:

formatting link

Reply to
Al

Thanks for all of your suggestions. We found a solution to our problem. We setup both Syslog logging and NTP to sync with servers on our VPN-only accessible network, thus forcing the router to re- establish the VPN tunnel if only to sync with the NTP server and deliver logging messages. We are also running a 'kron' a few times a day to ensure the tunnel stays up.

-Thomas

Reply to
polarbear2008

Thanks for all of your suggestions. We found a solution to our problem. We setup both Syslog logging and NTP to sync with servers on our VPN-only accessible network, thus forcing the router to re- establish the VPN tunnel if only to sync with the NTP server and deliver logging messages. We are also running a 'kron' a few times a day to ensure the tunnel stays up.

-Thomas

Reply to
polarbear2008

EasyVPN is a really good option for these scenarios. We use it for many sites that have smaller Cable/DSL based ISPs.

Reply to
Steven B

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.