VPN site to site initial connection problem

Discussion in 'Cisco' started by Charolette, Sep 13, 2006.

  1. Charolette

    Charolette Guest

    Hi,

    I have a strange problem. I have a PIX 515 at central office and a PIX
    506e at the remote office.

    We have VPN site to site working.

    When the VPN times out the VPN tunnel comes down.

    The strange thing is:

    When I try to send a ping from the central office to the remote office
    the ping fails, however, a VPN is created (show crypto isakmp sa).

    If I ping from the remote office to the central office the ping works.
    After this I am able to ping from the central office to the remote
    office.

    I want to be able to start the connection from the central office. What
    is the problem?

    Thanks
     
    Charolette, Sep 13, 2006
    #1

  2. Charolette

    Guest

    Hi,

    Firstly, if the PIX IOS versions are different on the peers, this
    could be one of the issues.

    Secondly, in the Site to Site VPN Tunnel, if individual hosts are added
    instead of the Network address (10.0.0.0/8), we have to ping from either
    end at the same time to bring up the VPN Tunnel.


    Please check the same and reply.

    Regards
    Sunil


    Charolette wrote:
    > Hi,
    >
    > I have a strange problem. I have a PIX 515 at central office and a PIX
    > 506e at the remote office.
    >
    > We have VPN site to site working.
    >
    > When the VPN times out the VPN tunnel comes down.
    >
    > The strange thing is:
    >
    > When I try to send a ping from the central office to the remote office
    > the ping fails, however, a VPN is created (show crypto isakmp sa).
    >
    > If I ping from the remote office to the central office the ping works.
    > After this I am able to ping from the central office to the remote
    > office.
    >
    > I want to be able to start the connection from the central office. What
    > is the problem?
    >
    > Thanks
     
    , Sep 13, 2006
    #2

  3. Charolette

    Charolette Guest

    Sorry for my ignorance, I am not sure what you mean in the second
    point. I would assume that site-to-site VPN between Cisco PIX's should
    be able to work seamlessly. Anyway, when hosts are added to either end
    of the network, they are able to use the same VPN tunnel. As long as a
    device from the remote office sends a ping packet, this will allow the
    head office to come through the VPN tunnel.

    Thanks

    wrote:
    > Hi,
    >
    > Firstly, if the PIX IOS versions are different on the peers, this
    > could be one of the issues.
    >
    > Secondly, in the Site to Site VPN Tunnel, if individual hosts are added
    > instead of the Network address (10.0.0.0/8), we have to ping from either
    > end at the same time to bring up the VPN Tunnel.
    >
    >
    > Please check the same and reply.
    >
    > Regards
    > Sunil
     
    Charolette, Sep 18, 2006
    #3
  4. Charolette

    James Guest

    Is the remote office using a dynamic or static IP Address? If it is
    dynamic then you must initiate the VPN connection from the remote
    office as the central office has no way of knowing the IP Address.

    Also, try adding "isakmp keepalive 30 5" to the remote office PIX, as
    far as I know this command should keep the VPN tunnel alive.

    James

    Charolette wrote:
    > Sorry for my ignorance, I am not sure what you mean in the second
    > point. I would assume that site-to-site VPN between Cisco PIX's should
    > be able to work seamlessly. Anyway, when hosts are added to either end
    > of the network, they are able to use the same VPN tunnel. As long as a
    > device from the remote office sends a ping packet, this will allow the
    > head office to come through the VPN tunnel.
    >
    > Thanks
     
    James, Sep 18, 2006
    #4
  5. Charolette

    Charolette Guest

    Hi,

    I am not sure what you mean about whether it is static or dynamic. But
    both ends have their own private address. The head office is using a
    10.0.0.0 network and the remote office is using a 192.168.0.0 network.

    Thanks

    James wrote:
    > Is the remote office using a dynamic or static IP Address? If it is
    > dynamic then you must initiate the VPN connection from the remote
    > office as the central office has no way of knowing the IP Address.
    >
    > Also, try adding "isakmp keepalive 30 5" to the remote office PIX, as
    > far as I know this command should keep the VPN tunnel alive.
    >
    > James
     
    Charolette, Sep 18, 2006
    #5
  6. Charolette

    James Guest

    Charolette wrote:
    > Hi,
    >
    > I am not sure what you mean about whether it is static or dynamic. But
    > both ends have their own private address. The head office is using a
    > 10.0.0.0 network and the remote office is using a 192.168.0.0 network.


    The outside interface address of the remote office PIX - is it a static
    address or assigned by the ISP using DHCP?
     
    James, Sep 18, 2006
    #6
  7. Charolette

    Charolette Guest

    It is static

    James wrote:
    > Charolette wrote:
    > > Hi,
    > >
    > > I am not sure what you mean about whether it is static or dynamic. But
    > > both ends have their own private address. The head office is using a
    > > 10.0.0.0 network and the remote office is using a 192.168.0.0 network.

    >
    > The outside interface address of the remote office PIX - is it a static
    > address or assigned by the ISP using DHCP?
     
    Charolette, Sep 18, 2006
    #7