1. Home
  2. Cisco Systems
  3. Running ping with kron

Running ping with kron

Quoting last summer's Andreas Tikart question below.

Did anyone here happen to solve this problem, the VPN activation from within the cisco box would be great...

Thanks,

Patrick

----------------------------------------------------------------------------------------- Andreas Tikart

07-25-2004, 02:45 AM Hi,

I want to open an IPSec tunnel automaticly. For this I created a cronjob with sends pings though the tunnel forcing the IPSec tunnel to open. Unfortunally the policy-list is removed from the running-config after the job has run once. I think the ping-command fullfills the requirements for using in cronjobs (no manually entered input required, command will not be canceled by keystoke).

Does anyone know whats wrong ?

Thanks

Andreas

------- Schnipp ------- Schnipp ------- Schnipp -------

kron occurrence Job2 in 15 recurring policy-list StartIpsecTunnel

kron policy-list StartIpsecTunnel cli ping ip 192.168.25.252 source 172.19.10.1

------- Schnipp ------- Schnipp ------- Schnipp -------

Jun 28 09:11:45: Major 1, Minor 0 Jun 28 09:11:45: Timer Event Job2 Jun 28 09:11:45: Kron delay for next Job2 900000 Jun 28 09:11:45: Call parse_cmd 'ping ip 192.168.25.252 source

172.19.10.1' Jun 28 09:11:46: Kron CLI return 0 ' **CLI 'ping ip 192.168.25.252 source 172.19.10.1': Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.25.252, timeout is 2 seconds:Packet sent with a source address of 172.19.10.1 !!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 104/105/108 ms' Jun 28 09:11:46: Major 4, Minor 7 Jun 28 09:11:46: Respond to end of CLI Process Jun 28 09:11:46: Forcing Removing Policy StartIpsecTunnel Jun 28 09:11:46: Removing Policy StartIpsecTunnel Jun 28 09:11:46: Removing CLI 'ping ip 192.168.25.252 source 172.19.10.1' Jun 28 09:11:46: Done Removing Policy StartIpsecTunnel

------------------------------------------------------------------------------------------

Reply to
Patrick A
Loading thread data ...

I'm using SAA generated traffic for such purpose at one customer and BGP at other customer (just for keeping the tunnel UP not really for routing).

Reply to
Ivan Ostreš

Thanks for the information. Though, I am carefully trying to master the actual traffic volume for costs purposes, the SAA traffic might be expensive... The VPN tunnel is the fallback circuit for a SCADA application, the Internet access is a GPRS link, that I want to monitor 24H/24 within the data budget (i.e. 50 MByte/month). It cannot afford any blabbering, unless the "keepalive" timers are fully settable.

To be tested then... Any other idea ?

Thanks

Patrick

"Ivan Ostres" a écrit dans le message de news: snipped-for-privacy@news.individual.net...

Reply to
Patrick A

Apparently not. Even though "ping a.b.c.d" requires precisely 0 interaction, the ping command *CAN* be interactive, "ping ip", and kron is really fussy about it.

Reply to
Martin Gallagher

Right, that is true that "ping" can be interactive, too bad it is classified in this list for my purpose... Also, I've seen in the reference that "ping" can be cancelled by some key sequence, I don't remember what sequence. This could also be a reason why "ping" is forbidden in the kron cli list...

Would any other cli command allow to specify the source IP address (or interface) ? That would also do the job in triggering the VPN tunnel (according that this cli command is not interactive)...

Regards,

Patrick

"Mart>

Reply to
Patrick A

Hi,

I once saw someone use NTP on a cisco pointing to an arbitrary, but selected, address to bring up something or other.

Don't know if you can do real NTP at the same time as this 'fake' ntp or not.

Must be other options too:-

ospf with fake, or real, neighbours? tunnels ...

Reply to
anybody43

I've always used BGP when I've needed a router to generate continuous traffic. You can specify the source and destination address desired, and even if you don't configure a peer at the other end, you will still get retries on the initial TCP connection setup. If you do have a peer at the other end, you have full control over how often a keepalive will be sent. Use for routing purposes is optional.

Good luck and have fun!

Reply to
Vincent C Jones

-----------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------

Could RTR be useful?

I would keep up a tunnel and I set up a RTR section with ping command every 1 minute. It did work.

rtr 1 type echo protocol ipIcmpEcho timeout 500 frequency 60 rtr schedule 1 start-time now

Alex.

Reply to
AM

Hi all,

Yup, it is indeed !

This SAA thing is just perfect for my purpose, one can even set the "source-ipaddress" of the VPN interface in the echo command ! The debug ip packet shows the only 64 bytes of the icmp packet going out every minute, no blabbering, just pure efficiency...

Actually, this features turns the low-cost dynamic-IP-address-based Internet connections into reliable always-on links to the remote sites, with static VPN IP addresses ! Whatever the status of the computers at the remote sites, the centralization site can monitor the links and have access to the VPN remote routers.

BTW do you have the GPRS service from the cellular networks over there in the US ?

Thanks a lot Alex, I have been looking forward to finding a cisco internal solution for a couple of months...

Best regards,

Patrick

Reply to
Patrick A

FYI, I added the "life forever" parameter in the rtr schedule and it now works forever.

Thanks Ivan for pointing out the SAA issue and Alex for providing the rtr example.

Best regards to all,

Patrick :-)

"Patrick A" a écrit dans le message de news:

4256eb86$0$826$ snipped-for-privacy@news.wanadoo.fr...
Reply to
Patrick A

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.