I have been running a 501 for a few years with several site-to-site VPNs with no problems. At first there was 1 VPN and it has slowly grown to 4. They are all the same 501s with the latest software.
The first few years were problem free, but as more sites have been added the problems are getting worse.
When I added the third site, I restored factory defaults to remove the remnants of old configurations. From that point onward I have had problems. The second site would not maintain a tunnel after 2 minutes. I have checked the configs, replaced the modem, replaced all cables, replaced the PIX and still cannot solve the problem. At the moment I cannot get any of the VPNs to connect.
Using the monitor facility within the PDM, the IPsec tunnel does not connect and the IKE tunnel connects for about 40 secs then drops; it keeps repeating the same cycle. I am using a pre-shared key on the IKE. The pre-shared key is definitely correct, as I have copied and pasted it into both 501s with the same computer.
During the time of the first errors I was getting an error code of 402101 using the debug level log.
I have employed a local Cisco engineer to help me with the problem. He advised that the configuration be changed, as I was putting the PIX behind a Netgear router and forwarding the correct ports; this config worked for several years. I have now changed all sites so the PIX is configured to be directly connected to the internet. The engineer was happy all the configurations were correct and he could not solve the problem. After spending six hours on our sites, he only charged me for 1 hour and was never to be seen again. The problem is getting worse.
I am able to connect the remote sites using a VPN client, and all other functions of the firewall seem good. I have been through the wizards many times on all units and am certain the configurations are correct.
What am I doing wrong? They used to work but now they don't.
I have attached the two configurations but removed all the important info of IPs, usernames and passwords. Again, the IPs were correct.
Have I missed out a step after restoring factory defaults?
I would greatly appreciate any help anybody has to offer.