PIX dynamic VPN question

Hi, I am having problem with our branch office. . They have PIX 501 and here we have PIX515. Last time when they lost VPN connection to our end, I told them to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN to

515 end. To me rebooting 501 should bring the VPN back on, since they initial VPN connection. I aksed a user to ping one of our machine here using private IP from her computer because I thought that should help but didnt, So finaly we had to telnet to 501 and do a ping inside in order to bring the VPN on. Is this normal? is there anyway to fix this issue? Thanks for any help-Rob
Reply to
Loading thread data ...

That -should- have worked.

Are you configured for isakmp identity address or for isakmp identity hostname ? If you are configured for address then it can take 20-30 minutes to be able to resume a connection after the IP address changes.

Reply to
Walter Roberson

It is configured for IP: On remote 501 I have:

isakmp enable outside isakmp key ********* address 515-IP netmask isakmp identity address isakmp policy 10 authentication pre-share

On 515: isakmp key ******** address netmask no-xauth no-config-mode isakmp identity address isakmp policy 10 authentication pre-share

The IP has not be changed, just we had a power failure on remote site (501) and then even we rebotted PIX a couple of times or ping from a worksatation didnt bring the VPN back up (Internet was up). Any idea? Thanks-Rob

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.