We have been running about 20 L2L VPN tunnels on our PIX for over a year. They have never had any problems establishing tunnels when a ping (or any interesting traffic) is sent from either end. Recently, without any changes to our config, we are now unable to establish the tunnels with traffic from the remote sides or client VPNs. We can still establish the tunnels with traffic from our side. I have tried connecting with the Cisco VPN client to the client VPN that used to work and it no longer connects. Any thoughts? This is in a high uptime environment so I can't just reboot it or run any commands that would kill connections.
We actually figured this out... the problem was that a server behind the firewall had a PAT entry in the xlate for port 500, so anything trying to connect to the PIX on that port was being forwarded to this machine instead of being handled by the PIX. We found this after running a debug and seeing some strange lines relating to PAT, and then running a `show xlate | inc 500`, which showed us the PAT entry. By removing that entry from the xlate we are now able to connect.
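As an added example (not from the original thread), here is a Python check that parses `show xlate` output and flags translations of the firewall's own address on UDP/500 (ISAKMP) or UDP/4500 (NAT-T), the condition described in the reply above. The two line formats it recognises are assumptions based on typical PIX and ASA output, and the sample xlate text is constructed.

```python
import re

# UDP/500 (ISAKMP) and UDP/4500 (NAT-T) must reach the firewall itself; an
# xlate entry forwarding them to an inside host silently hijacks IKE.
IKE_PORTS = {500, 4500}

# Both patterns are ASSUMPTIONS based on commonly seen "show xlate" output:
#   legacy PIX: "PAT Global 203.0.113.10(500) Local 10.1.1.5(500)"
#   ASA 8.3+:   "UDP PAT from inside:10.1.1.5/500 to outside:203.0.113.10/500 ..."
LEGACY = re.compile(
    r"^(?:PAT\s+)?Global\s+(?P<gaddr>[\d.]+)(?:\((?P<gport>\d+)\))?"
    r"\s+Local\s+(?P<laddr>[\d.]+)(?:\((?P<lport>\d+)\))?")
MODERN = re.compile(
    r"^(?:TCP|UDP|ICMP|NAT)\s+(?:PAT\s+)?from\s+\S+?:(?P<laddr>[\d.]+)(?:/(?P<lport>\d+))?"
    r"\s+to\s+\S+?:(?P<gaddr>[\d.]+)(?:/(?P<gport>\d+))?")

def parse_xlate(text):
    """Yield (global_addr, global_port, local_addr, local_port) per xlate line."""
    for line in text.splitlines():
        m = LEGACY.match(line.strip()) or MODERN.match(line.strip())
        if not m:
            continue  # counters, headers, blank lines
        gport = int(m["gport"]) if m["gport"] else None
        lport = int(m["lport"]) if m["lport"] else None
        yield m["gaddr"], gport, m["laddr"], lport

def find_ike_hijacks(text, firewall_addrs):
    """Flag translations of the firewall's own address on 500/4500, or portless
    whole-address translations of it (which capture IKE with everything else)."""
    hits = []
    for gaddr, gport, laddr, lport in parse_xlate(text):
        if gaddr not in firewall_addrs:
            continue
        if gport is None:
            hits.append({"global": gaddr, "port": None, "local": laddr,
                         "reason": "whole-address translation of firewall IP"})
        elif gport in IKE_PORTS:
            hits.append({"global": gaddr, "port": gport, "local": f"{laddr}:{lport}",
                         "reason": "IKE port forwarded to an inside host"})
    return hits

# Constructed sample output (not a real capture); 203.0.113.10 is the firewall.
SAMPLE_XLATE = """\
3 in use, 3 most used
PAT Global 203.0.113.10(500) Local 10.1.1.5(500)
PAT Global 203.0.113.10(1024) Local 10.1.1.7(53212)
Global 203.0.113.20 Local 10.1.1.9
UDP PAT from inside:10.1.1.5/4500 to outside:203.0.113.10/4500 flags ri idle 0:00:03 timeout 0:00:30
"""
```

Feed it the captured `show xlate` text and the outside address peers connect to; any hit is a translation that will answer IKE before the firewall does.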
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: