?
Solved

Cisco VPN tunnels and Wake on LAN Magic Packet

Posted on 2010-09-23
3
Medium Priority
?
1,871 Views
Last Modified: 2012-05-10
We have a project in our company to introduce Wake on LAN to the network. Currently our network design is utilizing LAN-to-LAN tunnels with a Cisco VPN3030 Concentrator at our core and Cisco PIX501/ASA5505 at the remote site. We cannot get the broadcast traffic for the 'Magic Packet' to pass to the remote site, but if I send a WOL packet to a computer where the MAC and IP address are still in the ARP table it works.

Does anyone know how I can allow the Magic Packet to pass through the tunnel? Any help is greatly appreciated.
0
Comment
Question by:FFNetAdmins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 8

Expert Comment

by:Nothing_Changed
ID: 33753715
It works when the ARP is still in the table since the concentrator knows where to push the traffic. THe only way I know of to make this work would be to either configure static ARPs (bad idea) or to enable proxy arp on the concentrator (aslo a bad idea but a bit less so). Eitehr way you are likely to have a number of tough to track down intermittent problems.

Depending on your config, you MAY be able to direct your console issuing the WOL packets to send them as a directed broadcast as opposed to a flat out broadcast, and config your network gear to allow directed broadcasts (generally not allowed as a security precaution). Your console sending the packets would need to be able to remember what subnet the target PC is on, and then direct the broadcast appropriately. You really don't want your network gear holding any ARP or bridge table info longer than default, so it's got to be the console app.
0
 
LVL 6

Accepted Solution

by:
kuoh earned 2000 total points
ID: 33759250
Have you considered using a packet relay application on a server or permanently on workstation in the LAN?  You simply configure the relay to redirect all UDP packets of specific ports, typically 0, 7 or 9 for WOL, to the LAN broadcast address, then have the users send the WOL packet to the server.  The application will redirect the packets to the broadcast address and the workstation should wake up regardless of the state of ARP cache.  The only things the users have to know is the server IP and the MAC of their workstation, so the security risk should be minimal.  I've tried it with the application below and it works perfectly.  There's even a "run as service" version to allow full hands off functionality after the initial configuration.

http://www.manualends.com/Download/idxMERLY.html
0
 
LVL 7

Author Closing Comment

by:FFNetAdmins
ID: 33771145
We are testing this solution in our lab to confirm that it will work for our application.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month12 days, 19 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question