Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 501 drops vpn connection

Hello all,

I got a strange problem with a cisco pix 501.

we have a vpn /Lan-Lan connection from our cisco 3005 concentrator to a cisco pix 501. This connection is working well.

On the remote side I got a second pix 501 semilar with the first one.

I configured the second one with new offical ip address to test a new provide.

on our side I changed the settings for the lan-lan connection on the concentrator to the new offical ip address for the outside interface on the pix.

The problem is that if I use the second pix with the new provider the connection dropps sometimes (5 times a day) and you can only establishthe connection when you restart the pix.

When I change back to the old one and change the ip address for the outside interface back its working well again.

I compared the settings on both pix?es and they only differ in the offical ip addresses.

What can be the problem ?

Did I miss something ?

Best regards

Kai

5 REPLIES
Bronze

Re: PIX 501 drops vpn connection

HI.

Instead of rebooting the PIX, have you tried giving the command

clear crypto isakmp sa

if after this the connection is established, please try to get debugs like debug crypto isakmp sa

What version are you running on the PIX firewall. I have faced the same problem with 6.3.4. Upgrading to 6.3.5 resolved the problem

--Pls rate if it helps--

New Member

Re: PIX 501 drops vpn connection

Hi,

thanks for the fast reply.

OK, the version of the firewall software is 6.2(2).

I will make a debug when we can connect to the pix because now the pix is not active / powered off and in indonesia it?s around 6:45 PM and no one is working.

I will post the results after the weekend

Thanks a lot

Kai

New Member

Re: PIX 501 drops vpn connection

So,

now I was able to make an output from debug isakmp and debug ipsec.

Attached you see the output in .txt file.

Hope it helps.

Strange is that the connection is running for hours and then it dropps and does not come back but when I make clear crypto isakmp sa the tunnel comes back in a few seconds

Thanks a lot

Kai

New Member

Re: PIX 501 drops vpn connection

Here is the output of the cisco concentrator.

the pix logs out after 30 minutes then comes back and after 2 hours it does not come back.

could be the isp router in front of the pix ?

Best regards

Kai

New Member

Re: PIX 501 drops vpn connection

Hi,

I think I found the problem.

Seems that is was the ISP because I made a ping to the offical ip of the router and the pix and found out that the connection on router side was also dropped.

Regardsless thanks a lot

Kai

272
Views
4
Helpful
5
Replies
CreatePlease login to create content