we got a client who has two sites connected through a VPN connection. (both sites have internet connection). One site is using Router 2621, and another one is using pix 506. The client keeps complaining that the remote site user (pix 506 site) sometimes cannot get connected to the server located in another site (router site) through VPN , but sometimes they can. Any clue about how to fix it?
Re: Remote VPN connection Cannot be setup sometimes
There are many reasons for this to happen. One such reason is if you have a dynamic IP address on your router, then this could result in a failed connection. Since the IP address keeps changing, the VPN Tunnel might have problems reconnecting next time. Sometimes it might connect, but next time you want to connect and the IP address on the router has changed, then the connection cannot be setup to the remote server.This is due to lifetime expiry.
1. One solution for this is to keep a fixed IP address.
2. The other is to use "isakmp" keepalives. Turn on the isakmp keepalives on both the router and the PIX.
On the router the command is "crypto isakmp keepalive 30 5".
And on the PIX it is "isakmp keepalive 30 5"
where 30 is the time interval in seconds. Hence these keepalives are sent every 30 seconds. It can be a value between 10 to 3600 seconds. 5 is the retry interval in seconds.
With this the problem should be solved.Hope this is useful.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...