i have recently re-configured two pix 501 units after being forced into an ip change by a service provider, after performing the reconfiguration on the units i no longer can access my exchange server by url, but i can access it by static ip, i also can no longer access the exchange server via blackberry. now the vpn itself works fine no problems at all but using our vpn client software(shrewsoft) i can connect to the vpn both internally and externally but cannot browse the topology of the vpn, when i check the ipconfig on the client machines i receive an ip and subnet but do not get a gateway address, any help would be greatly appreciated! i am new to these pix units and i am stuck at this point
When using the vpn client software, in the ipconfig output if you do not get a gateway address assiciated with the pool (new private ip address assigned by vpn server), it is normal. Now i think what happened is that, after you changed the ip address, the dns name-ip mapping is still pointing to your old ip address, and thereby you are not able to browse using names, (but it works with static ip address as you have said).
--To check this, do a nslookup at the machine on which you have the vpn client, for the name of the exchange server, and see if the name resloves to the new ip address. If not then you need to check your internal dns server and correct the dns name-ip mapping.
rudresh once i connect with the vpn software and do a nslookup it resolves to the actually server using the local ip of 172.20.20.254, but the actually static ip itself is assigned to the pix, i am still having issues, any suggestions?
This would need more analysis, can you please paste the running connfig of the PIX (make sure you mask or remove the actual ip addresses), and in the config please point the interface ip which was replaced by a new ip. Analyzing the config would help me narrow down the issue.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :