> >I am having problem with our branch office. . They have PIX 501 and here we
> >have PIX515. Last time when they lost VPN connection to our end, I told them
> >to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN to
> >515 end. To me rebooting 501 should bring the VPN back on, since they
> >initial VPN connection. I aksed a user to ping one of our machine here using
> >private IP from her computer because I thought that should help but didnt,
>
> That -should- have worked.
>
> >So finaly we had to telnet to 501 and do a ping inside in order to bring the
> >VPN on.
>
> >Is this normal? is there anyway to fix this issue?
>
> Are you configured for isakmp identity address or for
> isakmp identity hostname ? If you are configured for address then
> it can take 20-30 minutes to be able to resume a connection after
> the IP address changes.
It is configured for IP: On remote 501 I have:
isakmp enable outside isakmp key ********* address 515-IP netmask 255.255.255.255 isakmp identity address isakmp policy 10 authentication pre-share
On 515: isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode isakmp identity address isakmp policy 10 authentication pre-share
The IP has not be changed, just we had a power failure on remote site (501) and then even we rebotted PIX a couple of times or ping from a worksatation didnt bring the VPN back up (Internet was up). Any idea? Thanks-Rob