I have a pair of PIX-525 firewalls deployed in a failover setup. Both are running software version 7.0(4). The PIX provides remote-access IPSec VPN service to remote users. AAA login authentication (via TACACS+) and VPN user authentication (via RADIUS) are against a centralized ACS server (version 3.2).
An incident happened yesterday whereby almost the entire PIX config went missing except for some interface and IP address configuration which remained. Unfortunately we didn't enable AAA accounting to track any malicious activities.
After restoring a previous good config, users started to experience problems with the VPN service. They are sometimes prompted for authentication 3 times and still fail the authentication, or their VPN connection is disconnected in the middle of their work.
Has anyone experienced this issue before? I'm upgrading the PIX units to version 7.2(3) and will see how it goes.