PIX dynamic VPN question

- R
- Rob
  
  Contact options for registered users
posted
17 years ago

Mon, Jun 19, 2006 2:40 PM

Hi, I am having problem with our branch office. . They have PIX 501 and here we have PIX515. Last time when they lost VPN connection to our end, I told them to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN to

515 end. To me rebooting 501 should bring the VPN back on, since they initial VPN connection. I aksed a user to ping one of our machine here using private IP from her computer because I thought that should help but didnt, So finaly we had to telnet to 501 and do a ping inside in order to bring the VPN on. Is this normal? is there anyway to fix this issue? Thanks for any help-Rob

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Mon, Jun 19, 2006 4:55 PM

That -should- have worked.

Are you configured for isakmp identity address or for isakmp identity hostname ? If you are configured for address then it can take 20-30 minutes to be able to resume a connection after the IP address changes.

- R
- Rob
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Mon, Jun 19, 2006 7:08 PM

It is configured for IP: On remote 501 I have:

isakmp enable outside isakmp key ********* address 515-IP netmask 255.255.255.255 isakmp identity address isakmp policy 10 authentication pre-share

On 515: isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode isakmp identity address isakmp policy 10 authentication pre-share

The IP has not be changed, just we had a power failure on remote site (501) and then even we rebotted PIX a couple of times or ping from a worksatation didnt bring the VPN back up (Internet was up). Any idea? Thanks-Rob