Can we have a MPLS discussion forum?

I am using a Cicso VPN client supplied by a vendor. I would like to automate the process of making/ending the connection. I can run the client.exe program in a batch file, or use the SHELL command in Visual Basic, and have checked the auto connect box so the connection is made, but there is no way to disconnect and close the VPN client after sending/receiving files. Is there a work around for this?

Thanks,

Dave Murray

dmurray@rbmg.com

We have a lot of problems with SDI authentication from VPN concentrator 3000 devices.

It seems that every version of concentrator software has bugs in this area. 3.0.3B claims to have solved the "non in service problem". I disagree.

Even 3.1 has problems in this area, and we really don't know which version, if any is stable.

I have to configure a VPN3005 in the back of a 3620: 3620 authenticates the dial-up user through RADIUS and then the VPN client has to setup an IPSEC tunnel with VPN3005.

But then VPN client is unable to set security policies with VPN3005, as if in some way the 3620 would filter some protocols/ports.

Please help.

I have a customer with VPN tunnels from central site to branch offices over internet. we want to backup it with point to point isdn connection:

Internet connection are maded with Frame Relay connectivity

Brach office have 2600 router with bri interface.

Central site have pri interface.

I think to use backup interface from branch office to central site; but from central site I need to use routing ..??

I appreciate sugestions.

I am having initial connection problems logging into our servers through our IPIP tunnels using private addresses. The UNIX Login prompt and FTP Login prompts take over a minuit to appear or time out all together. If we use NAT and telnet or FTP to the public address the login prompt displays immediatly. We are using 2600 routers in the field and a 3600 router at the Colo site. There is also a PIX at the colo site that the tunnels have access through. Additionally we have a four site private frame that also terminates at the 3600 router and those sites are also experiencing the same delays but they don't have the ability to access the servers throught the internet. Here is a sample config of one site and the 3600.

Sample Site

!

interface Tunnel25

ip address 172.25.0.1 255.255.255.252

no ip directed-broadcast

tunnel source Ethernet0

tunnel destination 216.44.44.44

tunnel mode ipip

!

interface Ethernet0

description 025 Internet

ip address 254.200.93.10 255.255.255.252

ip access-group 101 in

no ip directed-broadcast

ip nat outside

!

interface Ethernet1

description 025 LAN

ip address 10.25.0.1 255.255.255.0

no ip directed-broadcast

ip nat inside

!

ip nat inside source list 1 interface Ethernet0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 e0

ip route 10.0.0.0 255.0.0.0 Tunnel25

ip route 10.10.0.0 255.255.0.0 Tunnel25

ip route 10.11.0.0 255.255.0.0 Tunnel25

ip route 10.15.0.0 255.255.0.0 Tunnel25

3600 main router

!

interface Tunnel25

ip address 172.25.0.2 255.255.255.252

tunnel source Ethernet0/0

tunnel destination 254.200.93.10

tunnel mode ipip

!

interface Ethernet0/0

description Exodus LAN

ip address 10.11.1.1 255.255.0.0 (pix 216.44.44.44)

!

interface Serial0/0

description Anywhere T1

ip address 10.20.1.2 255.255.255.252

service-module t1 clock source internal

!

interface Serial0/1

description Intermedia 192k PVC

no ip address

encapsulation frame-relay IETF

load-interval 30

service-module t1 timeslots 1-3

frame-relay lmi-type ansi

!

interface Serial0/1.1 point-to-point

description pvc to Sacramento

ip address 10.2.254.1 255.255.255.252

frame-relay class CUL1

frame-relay interface-dlci 102

frame-relay payload-compression packet-by-packet

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.11.1.10

ip route 10.10.0.0 255.255.0.0 10.20.1.1

ip route 10.15.0.0 255.255.0.0 10.11.1.10

ip route 10.25.0.0 255.255.255.0 Tunnel25