"Walter Roberson" <> wrote in message
news:0GAlg.66435$IK3.51717@pd7tw1no...
> In article <4496b76b$>, Rob <> wrote:
>
> >I am having problem with our branch office. . They have PIX 501 and here
we
> >have PIX515. Last time when they lost VPN connection to our end, I told
them
> >to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN
to
> >515 end. To me rebooting 501 should bring the VPN back on, since they
> >initial VPN connection. I aksed a user to ping one of our machine here
using
> >private IP from her computer because I thought that should help but
didnt,
>
> That -should- have worked.
>
> >So finaly we had to telnet to 501 and do a ping inside in order to bring
the
> >VPN on.
>
> >Is this normal? is there anyway to fix this issue?
>
> Are you configured for isakmp identity address or for
> isakmp identity hostname ? If you are configured for address then
> it can take 20-30 minutes to be able to resume a connection after
> the IP address changes.
It is configured for IP:
On remote 501 I have:
isakmp enable outside
isakmp key ********* address 515-IP netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
On 515:
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
The IP has not be changed, just we had a power failure on remote site (501)
and then even we rebotted PIX a couple of times or ping from a worksatation
didnt bring the VPN back up (Internet was up).
Any idea?
Thanks-Rob
|
Similar Threads
