Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
657
Views
0
Helpful
3
Replies

pix 501 exchange issue, vpn software issue

Phridomphound
Level 1
Level 1

‎10-04-2010 08:21 PM

i have recently re-configured two pix 501 units after being forced into an ip change by a service provider, after performing the reconfiguration on the units i no longer can access my exchange server by url, but i can access it by static ip, i also can no longer access the exchange server via blackberry. now the vpn itself works fine no problems at all but using our vpn client software(shrewsoft) i can connect to the vpn both internally and externally but cannot browse the topology of the vpn, when i check the ipconfig on the client machines i receive an ip and subnet but do not get a gateway address, any help would be greatly appreciated! i am new to these pix units and i am stuck at this point

Labels:
0 Helpful
3 Replies 3

Rudresh Veerappaji
Cisco Employee
Cisco Employee

‎10-04-2010 08:51 PM

Hi James,

When using the vpn client software, in the ipconfig output if you do not get a gateway address assiciated with the pool (new private ip address assigned by vpn server), it is normal. Now i think what happened is that, after you changed the ip address, the dns name-ip mapping is still pointing to your old ip address, and thereby you are not able to browse using names, (but it works with static ip address as you have said).

--To check this, do a nslookup at the machine on which you have the vpn client, for the name of the exchange server, and see if the name resloves to the new ip address. If not then you need to check your internal dns server and correct the dns name-ip mapping.

Let me know if this helps,

Cheers,

Rudresh V

0 Helpful

Phridomphound
Level 1
Level 1
In response to Rudresh Veerappaji

‎10-05-2010 10:22 AM

rudresh once i connect with the vpn software and do a nslookup it resolves to the actually server using the local ip of 172.20.20.254, but the actually static ip itself is assigned to the pix, i am still having issues, any suggestions?

0 Helpful

Rudresh Veerappaji
Cisco Employee
Cisco Employee
In response to Phridomphound

‎10-06-2010 05:06 AM

Hi James,

This would need more analysis, can you please paste the running connfig of the PIX (make sure you mask or remove the actual ip addresses), and in the config please point the interface ip which was replaced by a new ip. Analyzing the config would help me narrow down the issue.

Cheers,

Rudresh V

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents