IPSec Tunnel on-demand

sathackrs
Level 1

We're setting up VPN connections to Amazon AWS from our branch offices.

AWS charges by the hour for active VPN tunnels. It's only USD$0.05/hr but multiplied by 15-20 locations it will begin to add up.

This is on an 1841 with IOS 15.1

Tunnel1 config (tunnel 2 is almost identical, just different IPs)

interface Tunnel1
 ip address 169.254.255.82 255.255.255.252
 ip virtual-reassembly in
 ip tcp adjust-mss 1387
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 72.21.209.194
 tunnel protection ipsec profile ipsec-vpn-f09f7f99-0
end

We only use the tunnels during business hours (~8am to ~5pm)

I'm looking for a way to bring our tunnel interfaces up only when traffic is present.

I currently just set it up with EEM to bring the tunnels up at 8am and down at 6pm but would like to have the tunnels established on demand in case someone is working late.

EEM configs:

event manager applet tunnels_down_6pm
  event timer cron name schedule_tunnels_down_6pm cron-entry "0 18 * * *"
  action 1.0 cli command "enable"
  action 2.0 cli command "config t"
  action 3.0 cli command "interface tunnel1"
  action 4.0 cli command "shutdown"
  action 5.0 cli command "exit"
  action 6.0 cli command "interface tunnel2"
  action 7.0 cli command "shutdown"
  action 8.0 cli command "exit"
  action 9.0 cli command "exit"

event manager applet tunnels_up_8am
  event timer cron name schedule_tunnels_up_8am cron-entry "0 8 * * *"
  action 1.0 cli command "enable"
  action 2.0 cli command "config t"
  action 3.0 cli command "interface tunnel1"
  action 4.0 cli command "no shutdown"
  action 5.0 cli command "exit"
  action 6.0 cli command "interface tunnel2"
  action 7.0 cli command "no shutdown"
  action 8.0 cli command "exit"
  action 9.0 cli command "exit"

Is there a way to do this? I'd like the interfaces online only when traffic is present, similar to DDR: tunnel established at the first packet, tunnel maintained for ~30 minutes after the last packet.

Thanks

1 Reply

Marcin Latosiewicz
Cisco Employee

Such is VTI: when you configure it and a few minimal checks are fulfilled, it's going to initiate IKE.

The alternative is usage of crypto maps, which (since ASA can connect to AWS) should work. Crypto maps only initiate traffic to remote peer if there is interesting traffic.

On IOS you have a few knobs, like idle-time on IPsec SAs, which could help here.

Just thinking outside the box for a moment, if latency is not a problem, why not have some central location (or multiple locations) terminate the VPNs from the branches and then have only the central locations hold direct tunnels to AWS ... looks like something which could cost you a bit less.
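As an added example (not from the original post or the reply), this is what the crypto-map alternative with an IPsec SA idle timer could look like on the poster's 1841. The AWS peer address is taken from the post; the pre-shared key, the branch LAN 192.168.10.0/24, the VPC prefix 10.0.0.0/16 and the ISP next hop are placeholders I made up for illustration.

```cisco
! IKEv1 phase 1 policy (placeholder parameters; match what AWS hands out)
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key REPLACE_WITH_AWS_PSK address 72.21.209.194
! Dead peer detection so a silent peer does not leave a stale IKE SA behind
crypto isakmp keepalive 10 3 periodic

crypto ipsec transform-set AWS-TS esp-aes esp-sha-hmac
 mode tunnel

! "Interesting traffic": only flows matching this ACL bring the SA up
ip access-list extended AWS-VPC-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.0.255.255

crypto map AWS-MAP 10 ipsec-isakmp
 set peer 72.21.209.194
 set transform-set AWS-TS
 ! tear the IPsec SA down after 30 minutes (1800 s) without matching traffic
 set security-association idle-time 1800
 match address AWS-VPC-TRAFFIC

! Traffic for the VPC must be routed out the crypto-map interface
ip route 10.0.0.0 255.255.0.0 FastEthernet0/0 ISP_NEXT_HOP_PLACEHOLDER

interface FastEthernet0/0
 crypto map AWS-MAP
```

The idle timer clears only the IPsec SA, and if the AWS side sends traffic first the SA comes back up from that end, so verify with `show crypto ipsec sa` that SAs really disappear outside business hours before relying on it for billing.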