I have a site to site VPN between a PIX 506e and PIX 501 with VPN Dialer access to the 506E setup. Every so often (ever hour or so) I have to restart the PIX 501 because it looses the Connection. The ISAKMP status goes from QM_IDLE to SA_MM_SETUP. I can still ping the outside IPA of the 501, but a restart is required to bring the VPN Tunnel up. I am starting to believe that I may have a faulty PIX 501. Also when the connection is down, the devices behind the 501 no longer have access to the INET. The users behind the 501 claim it goes down when they try and send an email, which goes thur the VPN tunnel to an exchange server. Although I know that the connection has been dropped when just using Terminal Server or Remote Desktop. Any advice or info would be greatly appricated. I can post my configs if necessary.
Thank you for the advice. one note, how do I configure them both to be iniator-responder? I will also try the keep alive. I have setup a 2nd wan location that does not hiccup at all. My main office lan is 192.168.1.0, the 1st wan is 192.168.20.0 and the 2ns wan is 192.168.40.0. I am now convienced that a VPN dialer user may have the same internal IP of 192.168.20.0. Could that possible be confusing the PIX and shutting down the VPN tunnel even though he gets a Dynamic VPN IP of 10.10.10.0? I am going to try and change the WAN to 10.10.x.0 networks.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :