Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Two weeks ago I deployed a Pix 501 with OS 6.3(1) to one of our remote sites. It ran great until last Friday when it would suddenly stop working every 16 minutes and 20 seconds. Yesterday the firewall was exhibiting the same behavior so I upgr...
I just figured this out yesterday and figured I'd share it because I've seen similar problems posted before.I'm using a PIX515E with OS 6.3(4) and VPN client 4.6 to connect to our corporate site via dynamic VPN.The problem was that even though I adde...
I have an 1841 ISR at a remote location that I cannot manage remotely even though I've permitted telnet to the Internet - facing interface from my corporate site.I can successfully ping the router from the corporate site but every time I try to telne...
I am running a PIX515E, OS 6.3(4) UR at our central office and have multiple PIX501s in our field offices running 6.3(4). Each remote site has a VPN Tunnel to the central site. The configuration for each remote PIX is the same other than WAN...
Is the link speed and duplex configured correctly between the pix and router?Does a sh int eth0 show the link as being down on the pix?Until you assign link speed, duplex, and an IP Address (even if it's just auto/auto) to the interfaces on the pix t...
The logging on the Pix is configured to use an external syslog server.Prior to setting up the logging, no logging was enabled on the firewall.I had anohter 501 do this same type of thing in another remote office but never setup syslogging and after a...
I'm a newbie with the IOS. I can get a router up and running, but that's about the extent of my knowledge. I work with PIXs more than routers.The IOS is 12.3(8)T6.From the router or a host on the inside network of the router, I can telnet into my wor...
Both ends are static IPsI figured it out lte yesterday.In an effort to simplify the access-lists for the VPNs at the central site,I replaced the multiple access-list VPN_SOMEPLACE permit ip AAA.BBB.CCC.DDD 255.255.255.0 WWW.XXX.YYY.ZZZZ 255.255.255.0...
I'm no expert but I know that there are some changes made to a crypto map that aren't dynamic, such as an access-list change.Even if you issue a clear ipsec sa command the changes won't be reflected in the sa.Try unbinding the cyrpto map and then re-...
