Instantiate VPN Connection Remotely

Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, TimParker chose the tried and tested strategy of:

Are they using VPN client software, or do they had site to site tunnels on their routers? If the former, then yes, so long as the VPN client connection is up. If the latter, then yes, so long as their router is switched on.

We are using the Client software. They are sitting behind another companies network. When they log off, it naturally kills the connection. I guess I would have to get them behind a static IP there and put a router of some sort to be able to do site to site. Probably not going to happen...hmmmm

Thanks.

well, you can place them behind little ASA5505 or 800 series Cisco routers with Cisco EasyVPN Remote configured. This will enable you to reach remote computers all the time and you don't need to have static public IP in this case because EasyVPN Remote is actually a hardware VPN client feature. If you don't have private IP network address overlapping issue you can configure EasyVPN Remote in network extension mode. If you have address overlap then hardware vpn client is in client mode which means that all traffic from remote site to your site is PATed to the vpn client pool address. If you can place DNS server on the remote site then remote router or ASA firewall will also translate DNS reply and create inside -> outside NAT translation which will enable you to initiate connection from your site to the remote one. If you can't "afford" dns server there then you can use static NAT to be able to initiate connections from your side. Hope I helped a little bit...

Regards, Igor

Thanks. Gives me a few more things to think about!

hey are sitting behind another