Solved

Site - to - Site VPN on ADSL connection

Posted on 2008-06-11
9
292 Views
Last Modified: 2011-10-19
Hi Expert,

First of all let me admit that i m novice to this technololgy of VPN's & FW's so you may expect all types of silly doubts and questions from my end.

This is in regards to SITE-to-SITE VPN between two offices both on ADSL connection. I was somehow able to fix the VPN between to offices.
It worked for couple of days but later the tunnel went down and it is still down I think when the public IP address changes it is not updated to the hostname registered with DDNS. I have mentioned the configuration in the attached file

Earlier Qlemo suggested me few things to do such as
Clear ike-coo all
enable VPN monitor etc.. It started all working fine but not for very long.

please suggest me if there is anything i am missing for the VPN's to stay stable.


Thanks in advace,
Satish

setup.bmp
0
Comment
Question by:ssatishh08
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 21764220
It looks like you are using a DDNS service at both ends. I have never been able to make this work consistently. DDNS at one end works fine but at both ends it seems if the connection is lost even for a second the VPN is not re-established. I have run into this using several different manufacturer's hardware. I think you will find you need a static address at one end for stability.
0
 

Author Comment

by:ssatishh08
ID: 21764337
thanks fpr replying Rob but as if now i dont have that option of static Ip address. i have to make it work, a lot depends upon this.... i have to fix it desperately
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21764449
The point is I am doubtful there is anything you can do to fix it. Best practices for any VPN states that both ends be static. Cisco insists on this. I have about 20 tunnels running that are very stable using DDNS at one end, but have never successfully maintained a connection with 2 DDNS services for more than 2 days. One thing that helps is to ensure any "keep alive" options are enabled.

Perhaps others will have some suggestions though.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 77

Expert Comment

by:Rob Williams
ID: 21764819
Not to be difficult but as I understand it from the EE guidelines; "Please remember that if the answer to your question is You can't do that you still received an answer."  Step 4 of http://www.experts-exchange.com/help.jsp#hi36
My comments were not idle guesses but as my profile perhaps backs up, it is from a reasonable amount of experience.
Thanks,
--Rob
0
 

Author Comment

by:ssatishh08
ID: 21766280
I am not doubting ur capabilities rob its only my desperation and nothing else.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21768252
I understand your desperation, but how does closing and refunding points help your problem?
0
 

Author Comment

by:ssatishh08
ID: 21772432
i dont waht to close or refund unless i get a solution i got a temp solution which i thougt was full proof so i closed the case earlier
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have an old router lying around the house that you don’t know what to do with? Check the make and model, then refer to either of these links to see if its compatible. http://www.dd-wrt.com/site/support/router-database http://www.dd-wrt.c…
When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question