Hello,

I have a number of 850/870 series routers dotted about the globe, usually behind various types of firewall or NAT device. They run an EzVPN back to either a PIX or an IOS router in the UK.

A number of them are running on poorly performing connectivity, e.g. flaky DSL or cable, or perhaps behind a consumer NAT box that frequently falls over. Since I have no access to them when they're behind a firewall, can anyone offer advice on how to make the configuration robust, so:

* If they lose their DHCP-assigned IP address on the Internet-facing side, they will continually try for a new address
* If they lose IPSec connectivity, they will aggressively try to reconnect
* If they lose IPSec connectivity for longer than one hour or so, they will reload
* Syslog events are stored locally so they're preserved across a reboot (which may be asking too much).

What do other people do when you have call-home-only devices? Currently, some of the routers use an IP SLA operation to ping a device included within the IPSec SA, but is this optimal?

Parallel discussions welcomed - if it saves having to call a guy in a foreign country to "reboot the router", it will be well received :)

Peter

--
Peter Hicks | e: [EMAIL PROTECTED] | g: 0xE7C839F4 | w: www.poggs.com

A: Because it destroys the flow of the conversation
Q: Why is top-posting bad?
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/