PIX 515E VPN Issue

Unanswered Question
Apr 7th, 2008

We have been running about 20 L2L VPN tunnels on our PIX for over a year. They have never had any problems establishing tunnels when a ping (or any interesting traffic) is sent from either end. Recently, without any changes to our config, we are now unable to establish the tunnels with traffic from the remote sides or client VPNs. We can still establish the tunnels with traffic from our side. I have tried connecting with the Cisco VPN client to the client VPN that used to work and it no longer connects. Any thoughts? This is in a high-uptime environment so I can't just reboot it or run any commands that would kill connections.

johnd2310 Mon, 04/07/2008 - 14:53


If you enable logging on the vpn clients, what errors do you get?



gecko2207 Tue, 04/08/2008 - 07:28

We actually figured this out... the problem was that a server behind the firewall had a PAT entry in the xlate table for port 500, so anything trying to connect to the PIX on that port was being forwarded to this machine instead of being handled by the PIX. We found this after running a debug and seeing some strange lines relating to PAT, and then running a "show xlate | inc 500", which showed us the PAT entry. By removing that entry from the xlate table we are now able to connect.
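The check described in the reply above, turned into a small script, as an added example that is not part of the original thread: it parses "show xlate" output and flags PAT entries that map the firewall's own address on the ports IPsec needs (UDP/500 for ISAKMP and UDP/4500 for NAT-T), which is exactly the condition that stopped inbound tunnel negotiation here. The sample output, the PIX 6.x-style line format ("PAT Global ip(port) Local ip(port)") and the outside interface address are all assumptions constructed for the example; on a 7.x PIX or an ASA the output format differs and the regular expression would need adjusting.

```python
import re
from typing import Dict, List

# Constructed sample "show xlate" output in PIX 6.x style (not from the thread).
# The first PAT line is the kind of entry that hijacks ISAKMP traffic destined
# to the firewall itself; the others are ordinary, harmless translations.
SAMPLE_XLATE = """\
3 in use, 3 most used
PAT Global 203.0.113.2(500) Local 10.1.1.5(500)
PAT Global 203.0.113.2(443) Local 10.1.1.20(443)
Global 203.0.113.3 Local 10.1.1.10
"""

# Assumed (hypothetical) address of the PIX outside interface, i.e. the address
# remote peers and VPN clients send their IKE packets to.
PIX_OUTSIDE_IP = "203.0.113.2"

# Ports the firewall must receive itself to terminate IPsec VPNs:
# UDP/500 (ISAKMP/IKE) and UDP/4500 (IKE/ESP over NAT-T).
VPN_PORTS = {500, 4500}

# Matches "PAT Global <ip>(<port>) Local <ip>(<port>)" lines only; plain
# one-to-one "Global ... Local ..." entries carry no port and are ignored.
PAT_RE = re.compile(r"^PAT Global (\S+)\((\d+)\) Local (\S+)\((\d+)\)$")


def parse_pat_entries(output: str) -> List[Dict]:
    """Return every PAT translation in the xlate output as a dict."""
    entries = []
    for line in output.splitlines():
        m = PAT_RE.match(line.strip())
        if m:
            entries.append({
                "global_ip": m.group(1),
                "global_port": int(m.group(2)),
                "local_ip": m.group(3),
                "local_port": int(m.group(4)),
            })
    return entries


def find_vpn_port_hijacks(output: str, firewall_ip: str) -> List[Dict]:
    """PAT entries that steal the firewall's own IKE/NAT-T ports.

    A translation whose global side is the firewall's outside address on
    UDP/500 or UDP/4500 means inbound IKE is forwarded to an inside host
    instead of being processed by the PIX, so peers can no longer initiate.
    """
    return [
        e for e in parse_pat_entries(output)
        if e["global_ip"] == firewall_ip and e["global_port"] in VPN_PORTS
    ]


def report(output: str, firewall_ip: str) -> str:
    """Human-readable summary of the check, suitable for pasting into a ticket."""
    hits = find_vpn_port_hijacks(output, firewall_ip)
    if not hits:
        return f"OK: no PAT entry claims {firewall_ip} on ports {sorted(VPN_PORTS)}"
    lines = [f"WARNING: {len(hits)} PAT entry(ies) hijack VPN ports on {firewall_ip}:"]
    for e in hits:
        lines.append(
            f"  {e['global_ip']}:{e['global_port']} -> "
            f"{e['local_ip']}:{e['local_port']} (clear this xlate to restore inbound IKE)"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_XLATE, PIX_OUTSIDE_IP))
```

In practice the output would come from the device (for example captured over SSH, or pasted from "show xlate" on the console); the script only reads text, so it is safe to run against a production firewall without clearing any translations, which matters in the high-uptime situation the original poster describes.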

