I have been running the configuration for years nothing has changed and I started getting this problem.
have 2 515 pix's one at office one at co-locate running VPN. PIX Version 6.1(3)
sometimes cannot access net in any shape or form. VPN still working, can ping DNS server (use internal dns => 192.168.0.7). problem resolves itself anywhere from 10 minutes, to 3 hours. seems to happen weekly.
attempt1: reboot everything and same problem.
attempt2: change DNS to external DNS. does not fix. Ping external dns IP address from pix, reply's fine (did same with google's IP, was fine). tried pinging ext. dns and google's IP address from LAN and no reply. Tried pinging our external gateway (from LAN) and no reply. only reply to interal block from VPN, and our internal gateway given to use by DHCPD which is the pix.
attempt3: rebooted all switches/routers modem pix, changed cables (didn't think this would work as I still was connected to VPN) still nothing
I have no idea where to start? sounds like a NAT problem to me. all I do now is just wait for the pix to fix itself ???
Logs I don't understand.
attached is the config (edited for security reasons):
Config has been same for a long time and has worked for years.
I don't have idea about your problem but maybe you can set up a syslog server on your network and tells the pix to send all his log to this server. So, you can collect and store all logs from your PIX and maybe, find some clues the next time you meet your problem.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :