Any way to bring up a tunnel from within the router/firewall?

Unanswered Question
Sep 14th, 2007

I've set up a number of site-to-site IPSEC tunnels, but the one thing that I can't seem to get is: Is there any way to bring the tunnel up if I am not actually at one of the endpoints?

...usually I can just tell one of the people at either end to do a PING or something so that the "interesting traffic" access-list gets a hit and brings up the tunnel, but if it's midnight and I'm SSH-ed into a firewall from home and I want to bring up the tunnel to see that it's working, can I do it using any commands on the router/firewall... my understanding is that traffic sourced from the router/firewall won't hit any access lists, so I can't bring up the tunnel with a simple PING. (or is my understanding wrong?)

Any ideas or "tricks" that people use to accomplish this?

Thomas Dzubin

mfreijser Tue, 09/18/2007 - 05:53

There are several ways to do this:

- Router:

You can use an extended ping from a router, but this is not possible for a Pix or ASA.

- Firewall:

You can use the 'Test' button in the Monitoring section of the ASDM for a Pix/ASA with software version 7.x. There is no way (as far as I know) to test this from a firewall running Pix software 6.x.

Please rate if the post is useful!
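
The router option from the reply above, shown as an added example that is not part of the original posts: an IOS ping sourced from the router's inside address so that it matches the crypto ACL, followed by checks that the tunnel came up. All addresses and the ACL number are constructed sample values.

```cisco
! Constructed sample values (assumptions, not from the thread):
!   local protected LAN   10.1.1.0/24, router inside interface 10.1.1.1
!   remote protected LAN  10.2.2.0/24, remote host 10.2.2.10
!   crypto ACL ("interesting traffic") assumed to be:
!     access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! A plain "ping 10.2.2.10" is sourced from the outside interface address,
! which is not in 10.1.1.0/24, so it does not match the crypto ACL.
! Sourcing the ping from the inside address makes it match and trigger
! tunnel negotiation. The first packet or two may time out while the
! security associations are being built.
ping 10.2.2.10 source 10.1.1.1
!
! Confirm the result: phase 1 (ISAKMP) SA, then phase 2 (IPsec) SAs.
! In the second command, rising encaps/decaps counters show traffic
! flowing through the tunnel in both directions.
show crypto isakmp sa
show crypto ipsec sa
```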



