Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > VPN site to site initial connection problem

Reply
Thread Tools

VPN site to site initial connection problem

 
 
Charolette
Guest
Posts: n/a
 
      09-13-2006
Hi,

I have a strange problem. I have a PIX 515 at central office and a PIX
506e at the remote office.

We have VPN site to site working.

When the VPN times out the VPN tunnel comes down.

The strange things is:

when i try to send a ping from the central office to the remote office
the ping fails, however, a vpn is created (show crytpo isakmp sa).

If i ping from the remote office to the central office the ping works.
After the this i am able to ping from the central office to the remote
office.

I want to be able to start the connection from the central office. What
is the problem?

Thanks

 
Reply With Quote
 
 
 
 
sunil143@gmail.com
Guest
Posts: n/a
 
      09-13-2006
Hi,

Firstly,If the PIX IOS versions are different on the peers ,this
could be one of the issue.

Secondly, In the Site to Site VPN Tunnel, if individual hosts are added
instead of the Network address(10.0.0.0/, we have to ping from either
ends at the same time to bring up the VPN Tunnel.


Please check the same and reply

Regards
Sunil


Charolette wrote:
> Hi,
>
> I have a strange problem. I have a PIX 515 at central office and a PIX
> 506e at the remote office.
>
> We have VPN site to site working.
>
> When the VPN times out the VPN tunnel comes down.
>
> The strange things is:
>
> when i try to send a ping from the central office to the remote office
> the ping fails, however, a vpn is created (show crytpo isakmp sa).
>
> If i ping from the remote office to the central office the ping works.
> After the this i am able to ping from the central office to the remote
> office.
>
> I want to be able to start the connection from the central office. What
> is the problem?
>
> Thanks


 
Reply With Quote
 
 
 
 
Charolette
Guest
Posts: n/a
 
      09-18-2006
Sorry for my ignorance, i am not sure what you mean in the second
point. I would assume that site-to-site VPN between Cisco PIX's should
be able to work seemlessly. Anyway, when hosts are added to either end
of the network, they are able to use the same VPN tunnel. As long as a
device from the remote office sends a ping packet, this will allow the
head office to come through the VPN tunnel.

Thanks

http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> Hi,
>
> Firstly,If the PIX IOS versions are different on the peers ,this
> could be one of the issue.
>
> Secondly, In the Site to Site VPN Tunnel, if individual hosts are added
> instead of the Network address(10.0.0.0/, we have to ping from either
> ends at the same time to bring up the VPN Tunnel.
>
>
> Please check the same and reply
>
> Regards
> Sunil
>
>
> Charolette wrote:
> > Hi,
> >
> > I have a strange problem. I have a PIX 515 at central office and a PIX
> > 506e at the remote office.
> >
> > We have VPN site to site working.
> >
> > When the VPN times out the VPN tunnel comes down.
> >
> > The strange things is:
> >
> > when i try to send a ping from the central office to the remote office
> > the ping fails, however, a vpn is created (show crytpo isakmp sa).
> >
> > If i ping from the remote office to the central office the ping works.
> > After the this i am able to ping from the central office to the remote
> > office.
> >
> > I want to be able to start the connection from the central office. What
> > is the problem?
> >
> > Thanks


 
Reply With Quote
 
James
Guest
Posts: n/a
 
      09-18-2006
Is the remote office using a dynamic or static IP Address? If it is
dynamic then you must initiate the VPN connection from the remote
office as the central office has no way of knowing the IP Address.

Also, try adding "isakmp keepalive 30 5" to the remote office PIX, as
far as I know this command should keep the VPN tunnel alive.

James

Charolette wrote:
> Sorry for my ignorance, i am not sure what you mean in the second
> point. I would assume that site-to-site VPN between Cisco PIX's should
> be able to work seemlessly. Anyway, when hosts are added to either end
> of the network, they are able to use the same VPN tunnel. As long as a
> device from the remote office sends a ping packet, this will allow the
> head office to come through the VPN tunnel.
>
> Thanks
>
> (E-Mail Removed) wrote:
> > Hi,
> >
> > Firstly,If the PIX IOS versions are different on the peers ,this
> > could be one of the issue.
> >
> > Secondly, In the Site to Site VPN Tunnel, if individual hosts are added
> > instead of the Network address(10.0.0.0/, we have to ping from either
> > ends at the same time to bring up the VPN Tunnel.
> >
> >
> > Please check the same and reply
> >
> > Regards
> > Sunil
> >
> >
> > Charolette wrote:
> > > Hi,
> > >
> > > I have a strange problem. I have a PIX 515 at central office and a PIX
> > > 506e at the remote office.
> > >
> > > We have VPN site to site working.
> > >
> > > When the VPN times out the VPN tunnel comes down.
> > >
> > > The strange things is:
> > >
> > > when i try to send a ping from the central office to the remote office
> > > the ping fails, however, a vpn is created (show crytpo isakmp sa).
> > >
> > > If i ping from the remote office to the central office the ping works.
> > > After the this i am able to ping from the central office to the remote
> > > office.
> > >
> > > I want to be able to start the connection from the central office. What
> > > is the problem?
> > >
> > > Thanks


 
Reply With Quote
 
Charolette
Guest
Posts: n/a
 
      09-18-2006
Hi,

I am not sure what you mean about whether it is static or dynamic. But
both ends have their own private address. The head office is using a
10.0.0.0 network and the remote office is using a 192.168.0.0 network.

Thanks

James wrote:
> Is the remote office using a dynamic or static IP Address? If it is
> dynamic then you must initiate the VPN connection from the remote
> office as the central office has no way of knowing the IP Address.
>
> Also, try adding "isakmp keepalive 30 5" to the remote office PIX, as
> far as I know this command should keep the VPN tunnel alive.
>
> James
>
> Charolette wrote:
> > Sorry for my ignorance, i am not sure what you mean in the second
> > point. I would assume that site-to-site VPN between Cisco PIX's should
> > be able to work seemlessly. Anyway, when hosts are added to either end
> > of the network, they are able to use the same VPN tunnel. As long as a
> > device from the remote office sends a ping packet, this will allow the
> > head office to come through the VPN tunnel.
> >
> > Thanks
> >
> > (E-Mail Removed) wrote:
> > > Hi,
> > >
> > > Firstly,If the PIX IOS versions are different on the peers ,this
> > > could be one of the issue.
> > >
> > > Secondly, In the Site to Site VPN Tunnel, if individual hosts are added
> > > instead of the Network address(10.0.0.0/, we have to ping from either
> > > ends at the same time to bring up the VPN Tunnel.
> > >
> > >
> > > Please check the same and reply
> > >
> > > Regards
> > > Sunil
> > >
> > >
> > > Charolette wrote:
> > > > Hi,
> > > >
> > > > I have a strange problem. I have a PIX 515 at central office and a PIX
> > > > 506e at the remote office.
> > > >
> > > > We have VPN site to site working.
> > > >
> > > > When the VPN times out the VPN tunnel comes down.
> > > >
> > > > The strange things is:
> > > >
> > > > when i try to send a ping from the central office to the remote office
> > > > the ping fails, however, a vpn is created (show crytpo isakmp sa).
> > > >
> > > > If i ping from the remote office to the central office the ping works.
> > > > After the this i am able to ping from the central office to the remote
> > > > office.
> > > >
> > > > I want to be able to start the connection from the central office. What
> > > > is the problem?
> > > >
> > > > Thanks


 
Reply With Quote
 
James
Guest
Posts: n/a
 
      09-18-2006

Charolette wrote:
> Hi,
>
> I am not sure what you mean about whether it is static or dynamic. But
> both ends have their own private address. The head office is using a
> 10.0.0.0 network and the remote office is using a 192.168.0.0 network.


The outside interface address of the remote office PIX - is it a static
address or assigned by the ISP using DHCP?

 
Reply With Quote
 
Charolette
Guest
Posts: n/a
 
      09-18-2006
It is static

James wrote:
> Charolette wrote:
> > Hi,
> >
> > I am not sure what you mean about whether it is static or dynamic. But
> > both ends have their own private address. The head office is using a
> > 10.0.0.0 network and the remote office is using a 192.168.0.0 network.

>
> The outside interface address of the remote office PIX - is it a static
> address or assigned by the ISP using DHCP?


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PIX - Site-to-Site VPN and VPN Client access Rick Stromberg Cisco 7 06-02-2011 11:44 PM
VPN site to site & Remote access VPN ( vpn client) over the same interface pasatealinux Cisco 1 12-17-2007 07:41 PM
Vpn site to site + vpn cisco client access list problem. Vigarv Cisco 1 08-07-2006 03:05 PM
Weired problem with site-to-site vpn: only one side of the vpn works !? Dirk Westfal Cisco 5 03-14-2006 09:35 PM
site-to-site VPN router to PIX VPN tical Cisco 3 05-27-2004 09:00 PM



Advertisments