VPN site to site initial connection problem

Hi,

Firstly,If the PIX IOS versions are different on the peers ,this could be one of the issue.

Secondly, In the Site to Site VPN Tunnel, if individual hosts are added instead of the Network address(10.0.0.0/8), we have to ping from either ends at the same time to bring up the VPN Tunnel.

Please check the same and reply

Regards Sunil

Charolette wrote:

Sorry for my ignorance, i am not sure what you mean in the second point. I would assume that site-to-site VPN between Cisco PIX's should be able to work seemlessly. Anyway, when hosts are added to either end of the network, they are able to use the same VPN tunnel. As long as a device from the remote office sends a ping packet, this will allow the head office to come through the VPN tunnel.

Thanks

snipped-for-privacy@gmail.com wrote:

Is the remote office using a dynamic or static IP Address? If it is dynamic then you must initiate the VPN connection from the remote office as the central office has no way of knowing the IP Address.

Also, try adding "isakmp keepalive 30 5" to the remote office PIX, as far as I know this command should keep the VPN tunnel alive.

James

Charolette wrote:

Hi,

I am not sure what you mean about whether it is static or dynamic. But both ends have their own private address. The head office is using a

Thanks

James wrote:

The outside interface address of the remote office PIX - is it a static address or assigned by the ISP using DHCP?