hi, here's my version:
pix-vpn-gw# sh ver
Cisco PIX Firewall Version 6.3(4) Cisco PIX Device Manager Version 3.0(2)
Compiled on Fri 02-Jul-04 00:07 by morlee
pix-vpn-gw up 29 mins 3 secs
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz Flash E28F640J3 @ 0x3000000, 8MB BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 000d.6585.845c, irq 9 1: ethernet1: address is 000d.6585.845d, irq 10 Licensed Features: Failover: Disabled VPN-DES: Enabled VPN-3DES-AES: Enabled Maximum Physical Interfaces: 2 Maximum Interfaces: 2 Cut-through Proxy: Enabled Guards: Enabled URL-filtering: Enabled Inside Hosts: 50 Throughput: Unlimited IKE peers: 10This PIX has a Restricted (R) license.
### tunnel properties seem standard except the lifetime:
crypto ipsec transform-set REMOTE esp-3des esp-md5-hmac crypto map VPN 10 ipsec-isakmp crypto map VPN 10 match address VPN2 crypto map VPN 10 set peer REMOTE-Router crypto map VPN 10 set transform-set REMOTE crypto map VPN interface outside isakmp enable outside isakmp key ******** address REMOTE-Router netmask 255.255.255.255 isakmp identity address isakmp policy 100 authentication pre-share isakmp policy 100 encryption 3des isakmp policy 100 hash md5 isakmp policy 100 group 1 isakmp policy 100 lifetime 86400
### PIX has a vpn tunnel to a remote router, which is not under my control. I have 10 hosts on the inside and there are 35 on the other end of the tunnel.
Am I assuming correctly that I have only one IKEpeer ?
my problem: connection to remote site is very unreliable and it seems after pix reboots everything works. where can i start looking ?
thanks, M