PIX VPN problem when remote peer changes IP

Unanswered Question
Sep 4th, 2008
User Badges:

I have some VPNs between a PIX with static IP and several routers with dynamic IP.

When one of the remote routers changes its IP the PIX keeps the VPN with the old one and it doesn't allow the VPN with the new IP until I manually kill the old one...

Keepalives are activated.


Any help ?


Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
redinarsa Mon, 09/08/2008 - 05:32
User Badges:

I am using the DefaultL2LGroup, the VPN works OK... but when the remote peer changes its IP the PIX doesn't allow the new VPN (with the new peer IP) until I manually "kill" the VPN with the old IP.

singhsaju Mon, 09/08/2008 - 05:54
User Badges:
  • Silver, 250 points or more

Try reducing the sa lifetime.


HTH

Saju


redinarsa Mon, 09/08/2008 - 06:31
User Badges:

I don't think that solves the problem, I still have to wait until the lifetime expires.

Shouldn't the PIX realice that the old peer is dead and allow the new VPN ?.

The remote router is a Linksys.

singhsaju Mon, 09/08/2008 - 05:55
User Badges:
  • Silver, 250 points or more

Try reducing the sa lifetime.


HTH

Saju


Actions

This Discussion