PIX dynamic VPN question

Discussion in 'Cisco' started by Rob, Jun 19, 2006.

  1. Rob

    Rob Guest

    Hi,
    I am having problem with our branch office. . They have PIX 501 and here we
    have PIX515. Last time when they lost VPN connection to our end, I told them
    to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN to
    515 end. To me rebooting 501 should bring the VPN back on, since they
    initial VPN connection. I aksed a user to ping one of our machine here using
    private IP from her computer because I thought that should help but didnt,
    So finaly we had to telnet to 501 and do a ping inside in order to bring the
    VPN on.
    Is this normal? is there anyway to fix this issue?
    Thanks for any help-Rob
     
    Rob, Jun 19, 2006
    #1
    1. Advertising

  2. In article <4496b76b$>, Rob <> wrote:

    >I am having problem with our branch office. . They have PIX 501 and here we
    >have PIX515. Last time when they lost VPN connection to our end, I told them
    >to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN to
    >515 end. To me rebooting 501 should bring the VPN back on, since they
    >initial VPN connection. I aksed a user to ping one of our machine here using
    >private IP from her computer because I thought that should help but didnt,


    That -should- have worked.

    >So finaly we had to telnet to 501 and do a ping inside in order to bring the
    >VPN on.


    >Is this normal? is there anyway to fix this issue?


    Are you configured for isakmp identity address or for
    isakmp identity hostname ? If you are configured for address then
    it can take 20-30 minutes to be able to resume a connection after
    the IP address changes.
     
    Walter Roberson, Jun 19, 2006
    #2
    1. Advertising

  3. Rob

    Rob Guest

    "Walter Roberson" <> wrote in message
    news:0GAlg.66435$IK3.51717@pd7tw1no...
    > In article <4496b76b$>, Rob <> wrote:
    >
    > >I am having problem with our branch office. . They have PIX 501 and here

    we
    > >have PIX515. Last time when they lost VPN connection to our end, I told

    them
    > >to reboot 501 (remote PIX) but VPN didnt come back. They do dynamic VPN

    to
    > >515 end. To me rebooting 501 should bring the VPN back on, since they
    > >initial VPN connection. I aksed a user to ping one of our machine here

    using
    > >private IP from her computer because I thought that should help but

    didnt,
    >
    > That -should- have worked.
    >
    > >So finaly we had to telnet to 501 and do a ping inside in order to bring

    the
    > >VPN on.

    >
    > >Is this normal? is there anyway to fix this issue?

    >
    > Are you configured for isakmp identity address or for
    > isakmp identity hostname ? If you are configured for address then
    > it can take 20-30 minutes to be able to resume a connection after
    > the IP address changes.


    It is configured for IP:
    On remote 501 I have:

    isakmp enable outside
    isakmp key ********* address 515-IP netmask 255.255.255.255
    isakmp identity address
    isakmp policy 10 authentication pre-share

    On 515:
    isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode
    isakmp identity address
    isakmp policy 10 authentication pre-share

    The IP has not be changed, just we had a power failure on remote site (501)
    and then even we rebotted PIX a couple of times or ping from a worksatation
    didnt bring the VPN back up (Internet was up).
    Any idea?
    Thanks-Rob
     
    Rob, Jun 19, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. hk
    Replies:
    0
    Views:
    1,947
  2. c
    Replies:
    2
    Views:
    821
  3. Hans-Peter Walter
    Replies:
    3
    Views:
    1,157
    Joe Bloggs
    Jan 21, 2004
  4. Replies:
    2
    Views:
    3,210
  5. Diego Balgera
    Replies:
    5
    Views:
    7,769
    Johann Lo
    Feb 8, 2008
Loading...

Share This Page