I could use some help troubleshooting VPN connectivity from one site to another. This is the scenario:
Home Office and Branch Office are connected by a persistent site-to-site VPN tunnel. Home office has a PIX 506E and Branch office has a PIX 501. Clients on the branch office network were able to authenticate against domain controllers at the home office and access network file shares until last week, when the DSL modem at the branch office failed.
It was determined that AT&T no longer offers a modem compatible with the legacy static IP DSL service installed at this office. A compatible modem was procured from a local Fry's Electronics. After installing the new modem, clients at the branch office can access the Internet but they can no longer contact the domain controller at the home office nor access file shares. The VPN tunnel has not been re-established.
None of the IP addresses have changed, nor the configurations of the PIX at either end. At length it was discovered that the new modem featured an SPI firewall. This feature was disabled, and while the WAN IP of the PIX at the branch office will respond to a ping sent from outside the network, the VPN tunnel remains down.
I am unfamiliar even with the commands that would tell me whether the VPN is up or not, so I would appreciate any assistance you can offer.
In addition to this problem there is some other network weirdness. For instance, the clients all receive their TCP/IP configuration via DHCP. But near as I can tell, the IP addresses of the DNS servers are invalid--there are no systems on either network with those IP addresses. But that is a separate issue from the VPN.