1. Home
  2. Cisco Systems
  3. Router (Dynamic IP) to PIX (static) VPN, how to force router to connect?

Router (Dynamic IP) to PIX (static) VPN, how to force router to connect?

I just installed a second 1721 router at a remote site and it connects to HQ via IPSec VPN. Works Great when I have a laptop there on site and its actively communicating back to the HQ Subnet. There is only one device there at the remote location and its just a web server of sorts, so it only talks when its spoken to.

My problem is that since the remote site is on DSL, the VPN drops here and there. Since the only device at the remote location does not talk unless spoken to, it never tries to bring up the VPN connection.

Is there a way to make the router keep the VPN connection up even if there is no traffic destined to the remote network?

The DSL Service is a Dynamic IP, so I can have HQ bring up the connection to the remote. I was hoping for some keep-alive that I can set up in the router to ping the HQ subnet every once in a while.

Thanks, Scott

Reply to
Scott Townsend
Loading thread data ...

hey scott

how about setting up a routing-protocol inside of the tunnel? - so the remotrouter tries to reach its neighbour and opens the connection

greetz, curtis

"Scott Townsend" schrieb im Newsbeitrag news:UIJge.1667$ snipped-for-privacy@newssvr21.news.prodigy.com...

Reply to
Curtis M. West

Hmmm... that's a thought. We have EIGRP at HQ. I should be able to configure that....

Though How do I set it up so it does not include the Outside Interface, but then still passes the Traffic back to the HQ Subnet?

Thanks!

Scott hey scott

Reply to
Scott Townsend

there is a command called "passive-interface". That shoudl get the job done. If I understan you correctly.

Frank

Reply to
Frank Durham

So I'm Setup As Follows:

10.10.1.1 - Core Router @ HQ 10.10.1.2 - PIX @ HQ, Connects to outside/Internet

SBC/DSL Dynamic IP Outside E0

10.20.1.1 Inside Interface @ Remote Site

On the Both the Core and Remote Routers I have: router eigrp 2 network 10.0.0.0 default-metric 1000 100 255 1 1500 no auto-summary no eigrp log-neighbor-changes

Though doing a Show Ip Route, does not give me information about the other ends from either router. If I try to add a neighbor, it wants it to be on a Subnet that is directly connected to the router. Is there another way to tell it who one if its neighbors is?

Thanks, Scott there is a command called "passive-interface". That shoudl get the job

Reply to
Scott Townsend

Hey Curtis,

I've looked at a few Routing Protocols and Tried to get EIGRP to do what I want though I can only configure a Neighbor that is Directly Connected.

Any Suggestions?

Thanks, Scott hey scott

Reply to
Scott Townsend

IPSec doesn't forward multicast traffic, which most routing protocols use (you could use BGP). However, an alternative might be to configure NTP in the remote router and specify the local ethernet interface as the source of the NTP traffic and an NTP server at HQ, that may be enough to keep the tunnel up, even if there's not really an NTP server at HQ.

HTH - Good luck!

Scott Townsend wrote:

Reply to
djd

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.