I am running a PIX515E, OS 6.3(4) UR at our central office and have multiple PIX501s in our field offices running 6.3(4).
Each remote site has a VPN Tunnel to the central site.
The configuration for each remote PIX is the same other than WAN/LAN IP Addressing, hostname, and PSK.
The VPN Tunnels are established quite quickly and rarely give me any problems.
At the central site, we have 6 VLANs that need to be accessible to the remote clients, and of course, support personnel at the central site need to be able to access the machines on the remote networks.
The oddity that I'm running into is that if I reboot a remote device and/or clear the security associations, support personnel at the central site don't seem to be able to initiate communications to the remote site.
If a computer at the remote site pings a host on the network that the support personnel's workstations are on, afterwards the support personnel can contact the remote clients on demand.
What I need to enable is that the support personnel can initiate communications from the central site to the remote sites at any time without needing a client machine at the remote site to establish a connection to the central site first.
Has anyone seen this type of behavior before and can it be fixed?
In an effort to simplify the access-lists for the VPNs at the central site, I replaced the multiple access-list VPN_SOMEPLACE permit ip AAA.BBB.CCC.DDD 255.255.255.0 WWW.XXX.YYY.ZZZZ 255.255.255.0 statements with a single: