Re: Nortel VPN Client behind PIX 515 firewall losing connection - Page 2

imuonagor · ‎08-26-2009

I have a Nortel VPN Client connecting to an external server from our office network. The internet connection was previously connected to a Cisco 2811 Router and a single IP address was used to translate all internal IP addresses for internet access. Now we just installed a Cisco PIX 515 Firewall and same translation was done using the single IP Address on the Outside interface of the Firewall. But i noticed that though the VPN client still connects, after a while it gives an error and disconnects. Any idea what could be the cause of this? Thanks.

Yudong Wu · ‎08-29-2009

Very glad that you finally found the issue.

Thanks for sharing info here.

imuonagor · ‎08-30-2009

Yea, the solution was either to make the firewall also the default gateway (so that the router doesn't send the ip redirect that changes the PC's gateway/routing table) OR to disable ip redirect (using the "no ip redirect" interface subcommand) on the Router. I disabled ip redirect on the Router's LAN interface.

I think it's possible the cause of this same issue ("routing table cannot be altered after VPN connection has been established") might vary depending on the network design. But the solution would be in finding out what exactly is changing the routing table after the VPN has formed. It wasn't until i ran "debug ip icmp" on the router that i saw this. Thanks again.