Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
592
Views
0
Helpful
2
Replies

PIX to PIX VPN and tunnel rengotiation

nvekaria
Level 1
Level 1

‎10-29-2001 07:17 AM - edited ‎07-05-2021 12:06 PM

I've got a 1720 Router sandwiched between two PIX 506s. A workstation is also connected to each PIX. I am able to ping from one workstation to the other using a standard PIX-PIX VPN tunnel. If I down the PIX local to the workstation and reload it, the VPN tunnel is re-established when the local PIX comes back up. If I down the Remote PIX and bring it back up, I have to manually clear the SAs on the local PIX in order to re-establish the tunnel, or else restablish the tunnel by pinging back from the remote workstation. How do I get the PIXes to attempt to re-negotiate the tunnel automatically once it has been broken by the remote peer being reset.

Labels:
0 Helpful
2 Replies 2

Amin-Al
Level 1
Level 1

‎11-06-2001 02:52 PM

I had the same problem before, however, you did not give much detail in your post.

- check pfs make sure they policies are matching at both Pixs

- make sure the SA life time are matching on both Pixs !

hope this helps.

0 Helpful

jfrahim
Level 5
Level 5

‎02-19-2002 04:47 PM

If your remote pix is down, then you can try to enable isakmp keepalives in your environment. This would keep track of the remote pix, and once the remote pix is down, it will delete all the related IPSec SAs

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card