VPN between 2 Cisco routers (1 static, 1 dynamic) with access from stat --> dynamic over ISDN

VPN between 2 Cisco routers (1 static, 1 dynamic) with access from stat --> dynamic over ISDN: Posted by Hans-Peter Walter on January 13th, 2004; Hello,
I need a solution for the following problem:

We have got 1 Headquarter with a static IP for the Internet access and
several branch offices that connect over VPN using an Internet access
via DSL with a *dynamic* IP address. The connection works fine as long
as the Branch office initiates the connection.
If the headquarter wants to connect to a branch office (and the VPN is
down), it should use an ISDN line to dial in the branch office router,
then the branch office router should initiate the VPN tunnel and the
ISDN connection should timeout. That's the theory! We played around a
little bit and talked to several *specialists*, I saw a lot of
configurations, but none made it possible to dial via ISDN and let the
other Router initiate tunnel.
We even thought about using a kind of dyndns.org, but Cisco will
implement that earliest in Q3/2003 and we need another solution.
We have tested Bintec routers, they do exactly this scenario using the
d-channel of ISDN to let the other router initiate the VPN, but in
that scenario Bintec does not support NAT. It's a mess!

Amy suggestions or sample configs?
Thanx in advance and have good new year!
H.P.Walter; Posted by Hans-Peter Walter on January 14th, 2004; Sorry, correct: Q3/2004; Posted by Masud Reza on January 14th, 2004; Hi Walter:

I do not see any problem with the scenario that you have described.

A lot of implementations have 'ppp dialback' configured. This allows a
site to initiate a call, then terminate it and the remote site calls
back.

You can implement ppp dialback between your Headquater and your
branches.

As far as the VPN initiation is concerned, the VPN will automatically
initiate if your access-list defines the proper 'interesting' traffic
on the branch office side.

Masud

hpw@hpw.de (Hans-Peter Walter) wrote in message news:<56da4b51.0401131648.55965662@posting.google. com>...; Posted by Joe Bloggs on January 21st, 2004; Hmmm ISDN and DSL into the branch office router.... Why dont you give them
seperate subnets and specify the ISDN as interesting to the DSL VPN
interface? In other words the remote router would see the isdn and
subsequent packets coming through as an internal host requesting that the
DSL and VPN link be brought up? (If it isn't already?) i.e. just push the
routing all the way round to a spare loopback on the original HQ router. I
dont see this being a problem.

Hans-Peter Walter wrote:

Similar Posts

Does Pix or cisco router support dynamic-to-dynamic IPSec VPN? (Routers) by c
static nat and dynamic at pix 501 (Routers) by kfirs Sayag
static or dynamic which is better? (Internet & Broadband) by Whiteflyer
Building VPN's: Static/Dynamic//IOS/PIX/Cisco VPN Client/ all at the same time (Routers) by hk
IPSec - Lan to Lan - Nat routers - 1 Static and 1 Dynamic ip (Routers) by Sharqy_5