
Troubleshooting Cisco Pix 501 site-to-site VPN

I could use some help troubleshooting VPN connectivity from one site to another. This is the scenario:

Home Office and Branch Office are connected by a persistent site-to-site VPN tunnel. Home office has a Pix 506E and Branch office has a Pix 501. Clients on the branch office network were able to authenticate against domain controllers at the home office and access network file shares until last week, when the DSL modem at the branch office failed.

It was determined that AT&T no longer offers a modem compatible with the legacy static IP DSL service installed at this office. A compatible modem was procured from a local Fry's Electronics. After installing the new modem, clients at the branch office can access the Internet but they can no longer contact the domain controller at the home office nor access file shares. The VPN tunnel has not been re-established.

None of the IP addresses have changed, nor the configurations of the PIX at either end. At length it was discovered that the new modem featured an SPI firewall. This feature was disabled, and while the WAN IP of the PIX at the branch office will respond to a ping sent from outside the network, the VPN tunnel remains down.

I am unfamiliar even with the commands that would tell me whether the VPN is up or not, so I would appreciate any assistance you can offer.

In addition to this problem there is some other network weirdness. For instance, the clients all receive their TCP/IP configuration via DHCP. But near as I can tell, the IP addresses of the DNS servers are invalid--there are no systems on either network with those IP addresses. But that is a separate issue from the VPN.
