Cisco Support Community

New Member

dynamic vpn tunnel

I have a VPN tunnel set up with a PIX515 with a static IP on one end, and a PIX501 with a dynamic IP on the other end.

Before the tunnel will come up you have to ping an ip behind the 515 from the 501. The 501 has to establish the tunnel since it has a dynamic ip.

Is there any way I can bring the tunnel up automatically, without having to ping?

If the tunnel would go down for some reason, it might not come back on its own.

The device at the remote site is polled from HQ and doesn't try and talk back to HQ subnet, so the tunnel probably won't come back on its own.

Also, is there any way to update DynDNS with a PIX501?

2 REPLIES
Cisco Employee

Re: dynamic vpn tunnel

You can get the 501 to send regular packets over the tunnel by configuring an NTP server on it. Set up an NTP server on your main network (any Cisco router can act as an NTP server if you don't have a Unix box), then point the 501 at it with the command:

clock timezone

clock summertime ......

ntp

This will make the 501 regularly send NTP packets to the main site which should keep the tunnel up. It has the added benefit of keeping all your syslogs in the correct time.

See the following links for command details:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/c.htm#wp1026160

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#wp1186068

And sorry, there's no way I know of to update DynDNS with a pix.

New Member

Re: dynamic vpn tunnel

How do I get the 501 to talk through the tunnel?

Subnet behind pix 515 is:

172.16.5.0/24

Subnet behind pix 501 is:

192.168.130.0/24

If I try and ping an address on 172.16.5.0 subnet from the PIX 501 console, I get no response, but if I hook a PC to the 501 it will bring the tunnel up and I will get a response.

NTP sounds like a good idea, if it can talk through tunnel.
