Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
2
Replies

VPN from IoS Router over ISDN

i-kendall
Level 1
Level 1

‎11-14-2001 06:44 AM - edited ‎02-21-2020 11:29 AM

I have a customer who wants to have a router on one site, with ISDN Internet access, and use this to connect to a central site using IPSec/VPN. Are there any pointers to what I configure in the dialer-list to only dial when there is 'real' traffic, and not have it permanently connected due to the IPSec/IKE etc. maintaining a connection to the central site.

Labels:
0 Helpful
2 Replies 2

r-simpson
Level 3
Level 3

‎11-20-2001 01:58 PM

Can’t you just configure your radius idle timer to whatever you need (use ‘show caller timeout’ to verify). Define your interesting traffic to bring up the dialer and the tunnel will teardown when inactive based on the timer. Don’t use keepalives on your VPN or the tunnel/dialer will stay up forever.

0 Helpful

m.lestoquoy
Level 1
Level 1

‎11-21-2001 07:49 AM

If you talk about the IKE keepalive, I may have a workaround for you.

I've not tried, but I heard it from a cisco guy.

You cannot disable the IKE keepalive but you can distinguish them from another IKE trafic because the source address is 0.0.0.0

So, if your dialer-list exclude this trafic, your line will not go up.

0 Helpful
Customers Also Viewed These Support Documents