I am having the weirdest of the problems... I have a PIX515E with several Linksys BEFX41 routers with VPNs..... suddenly... the VPNs cannot be established... I have Linksys routers distributed in diferent places... and all of them are unable to connect. ... I even tried connecting with a Linksys right next to the ouside interface.. with an contiguous IP to the one assigned to the PIX's outside interface.... (you'll see that below.. the .34 and .44 addresses)..No luck either
so far... I have discarded my ISP... the linksys routers (if were only one I would suspect that... but with 3 or 4 failing...)... and I don't remember making any change to the firewall in the last weeks in fact I compared the last good known configuration and it's fine....
whenever I hit the connect buttom in the Linksys router I got the following response in the PIX
(and then the linksys routers hang and I have to reboot them!)
-----------------------------------------------------crypto_isakmp_process_block: src X.X.X.44, dest X.X.X.34
Not sure how the Linksys routers work. But if there is any cisco routers apart from Pix, this looks like ' ships in the night' problem, where in, the routed discovered by one of the routing protocols should be redistributed to the other, else there will be a duplicate discovery.
I can tell you flat out I have never been able to get the Linksys gateways to Make a VPN connection to a PIX......Netscreens yes, Pix to Pix yes.....Software IPSEC yes.......Linksys....NEVER...
I was actually brought in on a job for this very reason... VPN from LINKSYS TO LINKSYS is about as reliable as the weather.....I recomend you check out some of the reports at http://www.dslreports.com it will shed some light on the LINKSYS-PIX Issues
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...