Subject: Cipe over non-persistent links
From: SYLVAIN.COUTANT,AT,illicom,DOT,com
Date: Thu, 22 Mar 2001 16:56:56 +0100

Hi all,

I try to run cipe between a leased line and an ISDN line which is not up all
the time.

Here's the simple schema :


F1, F2 : firewalls
LL : leased line router
ISDN : ISDN router (with NAT)

This configuration causes me lots of trouble. Cipe devices are always up, but
when the ISDN line come down after a timeout period, its NAT table is lost.
While the ISDN line is down, cipe drivers on firewall are still up and simply
don't exchange anything.
When the ISDN line comes back up, it uses a different port for NAT and
incoming cipe packets on F1 are not recognized. The only way to let cipe
drivers reconnect is to bring one down then back up and send ping packets
both sides using the cipe tunnel.

Did someone already managed to get a similar connection to work ? I'd like to
let users behind F2 to connect transparently to servers behind F1 without
having to bring down and then back up the cipe device each time they need to

Thanks for any advice.

