cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1012
Views
0
Helpful
3
Replies

IPSec VPN PIX-PIX over ISDN

andrew
Level 1
Level 1

Hi,

I have a few site to site VPNs PIX-PIX. All of these work fine over frame relay connections. However, the first ISDN one I have tried fails?

The ISDN router config is fine and I can ping the outside world from the PIX.

Any ideas?

3 Replies 3

fmeetz
Level 4
Level 4

Well, I’d like to help but I need some more information to do so.

1. What model router do you have?

2. What IOS image are you running?

3. Have you looked at the debugs?

4. Where is the session failing?

If your running the current IOS I would suggest calling TAC.

Hi,

This is between two Cisco PIX 515s both on 5.12.

I have looked at all of the debugs. ISAKMP gets an SA, and transfers the Pre-Shared keys, then the IPSec SA just drops?

Andrew..

7gwatts
Level 1
Level 1

Hi Andrew,

You don't make it clear wether you are using BRI or PRI for this but the problem you may be having is that VPNs must have at least one end of the link supported by a permanent internet connection. ISDN to ISDN won't work unless both connections happen to be live at the same time. If one end is permanent, then the temporary end must initiate the communication. Thus isdn is ideal for RAS VPNs, but unusable for site to site. To make low cost VPN solutions, I recommend trying to find a cable provider who can give you permanent access, or ideally pay for a small leased line at each end.

Hope this helps,

George W

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: