|
|
initialize a vpn connection from the router itself
I configure a router 877 at home to connect to my office router via
IPSEC. It works great but I have a small problem that I can not
initiate a VPN connection when I ping my office network from my router
itself.
I have to ping from one of my workstations at home in order to
initialize the VPN connection if it is not established yet.
Is there any way for me to do it from the router itself ? I need to do
this because sometimes I access to my router remotely and want to do
some tests.
Thanks for your help,
DT
|
|
0
|
|
|
|
Reply
|
 dt1649651 (101)
|
8/9/2005 4:59:50 PM |
|
In article <1123606790.430037.22880@f14g2000cwb.googlegroups.com>,
dt1649651@yahoo.com <dt1649651@yahoo.com> wrote:
:I configure a router 877 at home to connect to my office router via
:IPSEC. It works great but I have a small problem that I can not
:initiate a VPN connection when I ping my office network from my router
:itself.
Yeah, that happens. I think if you check your ACL that describes
what is to be tunneled, you will find that the outside IP address of the
router itself is not listed as a tunnel source.
--
Look out, there are llamas!
|
|
|
0
|
|
|
|
Reply
|
 roberson
|
8/9/2005 5:34:30 PM
|
|
Hi,
Have you tried using an extended ping?
This allows you to ping from a specific interface on the router.
I imagine your VPN match access-lists imply the internal networks on
both sides?
Type "ping" hit enter
hit enter again for the default "protocol ip"
enter destination ip address
hit enter till you get the extended commands (y)
and type in the source ip address being your internal interface on the
router.
Rob.
|
|
|
0
|
|
|
|
Reply
|
RobO
|
8/9/2005 5:35:17 PM
|
|
<dt1649651@yahoo.com> wrote in message
news:1123606790.430037.22880@f14g2000cwb.googlegroups.com...
> I configure a router 877 at home to connect to my office router via
> IPSEC. It works great but I have a small problem that I can not
> initiate a VPN connection when I ping my office network from my router
> itself.
>
> I have to ping from one of my workstations at home in order to
> initialize the VPN connection if it is not established yet.
>
> Is there any way for me to do it from the router itself ? I need to do
> this because sometimes I access to my router remotely and want to do
> some tests.
>
> Thanks for your help,
>
> DT
>
Does your home network have a static IP address? If not, then your work
router probably just has the connection address of 0.0.0.0 associated to
that connection. Given that, there is no way for the work router to know
how to connect to your home. One option is to have some keep alives going
across the network which will keep the connection up. If you have a routing
protocol on the vpn connection, then your home router should always keep the
connection open.
|
|
|
0
|
|
|
|
Reply
|
Scooby
|
8/9/2005 6:17:26 PM
|
|
Walter Roberson wrote:
> In article <1123606790.430037.22880@f14g2000cwb.googlegroups.com>,
> dt1649651@yahoo.com <dt1649651@yahoo.com> wrote:
> :I configure a router 877 at home to connect to my office router via
> :IPSEC. It works great but I have a small problem that I can not
> :initiate a VPN connection when I ping my office network from my router
> :itself.
>
> Yeah, that happens. I think if you check your ACL that describes
> what is to be tunneled, you will find that the outside IP address of the
> router itself is not listed as a tunnel source.
Hi Walter,
Thanks for explanation. Yes, I turned on the debug and I saw that but
dunno how to pass it. I am sure there is a way to do it because when I
used the SDM, it asked me if I want it to test by itself ( it means it
will run commands from the router ) or by an external workstation.
DT
|
|
|
0
|
|
|
|
Reply
|
dt1649651
|
8/9/2005 6:20:21 PM
|
|
RobO wrote:
> Hi,
>
> Have you tried using an extended ping?
> This allows you to ping from a specific interface on the router.
> I imagine your VPN match access-lists imply the internal networks on
> both sides?
>
> Type "ping" hit enter
> hit enter again for the default "protocol ip"
> enter destination ip address
> hit enter till you get the extended commands (y)
> and type in the source ip address being your internal interface on the
> router.
>
Thanks Rob for the "extended" command. Yes, it works !
DT
|
|
|
0
|
|
|
|
Reply
|
dt1649651
|
8/9/2005 6:22:44 PM
|
|
Scooby wrote:
>
> Does your home network have a static IP address? If not, then your work
> router probably just has the connection address of 0.0.0.0 associated to
> that connection. Given that, there is no way for the work router to know
> how to connect to your home. One option is to have some keep alives going
> across the network which will keep the connection up. If you have a routing
> protocol on the vpn connection, then your home router should always keep the
> connection open.
Thanks for your reply, Scooby. My home network does not have a static
IP address ( I wish I had ) . I do not need to keep the connection
alive all the time. I want to try different VPN configurations between
my 877 and my work router so I can apply them to my co-workers's home
networks, therefore I have to close and initiate the VPN connections.
My problem is on the ACL for the protected networks. As Walter and Rob
suggested, I used the extended ping command and it works.
DT
|
|
|
0
|
|
|
|
Reply
|
dt1649651
|
8/9/2005 6:29:48 PM
|
|
|
6 Replies
247 Views
(page loaded in 0.195 seconds)
|
|
|
|
|
|
|
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
24754 articles. 
23 followers. 