PIX dynamic VPN question|
|
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||
|
Posted by Rob on June 19, 2006, 10:40 am
Please log in for more thread options
I am having problem with our branch office. . They have PIX 501 and here we have PIX515. Last time when they lost VPN connection to our end, I told them to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN to 515 end. To me rebooting 501 should bring the VPN back on, since they initial VPN connection. I aksed a user to ping one of our machine here using private IP from her computer because I thought that should help but didnt, So finaly we had to telnet to 501 and do a ping inside in order to bring the VPN on. Is this normal? is there anyway to fix this issue? Thanks for any help-Rob | |||||||||||||
|
Posted by Walter Roberson on June 19, 2006, 12:55 pm
Please log in for more thread options That -should- have worked. >So finaly we had to telnet to 501 and do a ping inside in order to bring the
>VPN on. >Is this normal? is there anyway to fix this issue?
Are you configured for isakmp identity address or for isakmp identity hostname ? If you are configured for address then it can take 20-30 minutes to be able to resume a connection after the IP address changes. | |||||||||||||
|
Posted by Rob on June 19, 2006, 3:08 pm
Please log in for more thread options
>
> >I am having problem with our branch office. . They have PIX 501 and here
we
> >have PIX515. Last time when they lost VPN connection to our end, I told
them
> >to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN
to
> >515 end. To me rebooting 501 should bring the VPN back on, since they
using
> >initial VPN connection. I aksed a user to ping one of our machine here > >private IP from her computer because I thought that should help but
didnt,
>
> That -should- have worked. > > >So finaly we had to telnet to 501 and do a ping inside in order to bring
the
> >VPN on.
>
> >Is this normal? is there anyway to fix this issue?
>
> Are you configured for isakmp identity address or for > isakmp identity hostname ? If you are configured for address then > it can take 20-30 minutes to be able to resume a connection after > the IP address changes. It is configured for IP: On remote 501 I have: isakmp enable outside isakmp key ********* address 515-IP netmask 255.255.255.255 isakmp identity address isakmp policy 10 authentication pre-share On 515: isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode isakmp identity address isakmp policy 10 authentication pre-share The IP has not be changed, just we had a power failure on remote site (501) and then even we rebotted PIX a couple of times or ping from a worksatation didnt bring the VPN back up (Internet was up). Any idea? Thanks-Rob | |||||||||||||
| Similar Threads | Posted |
| PIX dynamic VPN question | June 19, 2006, 10:40 am |
| Question, Dynamic VPN | September 22, 2006, 8:43 am |
| Question on dynamic routing and PIX VPN | December 6, 2005, 7:22 am |
| Followup-Pix dynamic VPN question | June 20, 2006, 12:15 pm |
| VPN between peers with dynamic IP address and dynamic DNS | February 4, 2008, 12:28 pm |
| Dynamic Outside NAT | November 30, 2005, 4:43 pm |
| dynamic? | March 3, 2006, 2:07 am |
| NAT to dynamic IP? | August 1, 2008, 2:03 am |
| Dynamic Outside Translation | October 17, 2005, 4:29 pm |
| Dynamic bandwidth | December 14, 2005, 2:49 pm |
| Dynamic DNS woes | January 7, 2006, 1:11 pm |
| Static & Dynamic NAT | July 4, 2006, 11:31 am |
| dynamic ban-list | July 7, 2006, 5:14 am |
| Re: Dynamic NAT Failure | September 1, 2006, 9:53 am |
| Dynamic NAT Failure | August 28, 2006, 11:54 am |
|
Home Cabling GuideFinally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Learn More |
>have PIX515. Last time when they lost VPN connection to our end, I told them
>to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN to
>515 end. To me rebooting 501 should bring the VPN back on, since they
>initial VPN connection. I aksed a user to ping one of our machine here using
>private IP from her computer because I thought that should help but didnt,