I have a remote Cisco ISR that's using a public cellular APN to connect to an enterprise firewall via IPSec. The router is using IPSec for a majority of its connectivity; however, I've had to add a script to the ISR without IPSec to generate interesting traffic (pinging Google DNS) to initiate and keep the Cellular alive. If I try to do this using the IPSec, then it seems the cellular doesn't see interesting traffic.
I've added all IPSec designated traffic to individual VRFs. The script is in the global routing table.
So I have three problems with this:
- It would be good to find out how to generate traffic for the cellular using the IPSec
- I am fairly certain I am leaving the Cisco ISR vulnerable to attack by not using IPSec for the script
- If I attempt to add an ACL to the cellular, it applies not only to the global routing table, but all the VRFs as well