Re: Cisco PIX 501 and Cisco VPN client problem, ugrent!!!

cisco_gavin · ‎06-09-2005

Dear All:

i got a problem and hope to have your help. I have a SQL Server 2000 in my office.I used to use Cisco VPN client on the server to establish a vpn connection with main office, then the main office can download the data into my SQL Database.It worked fine. A couple days ago, i bought a new Cisco Pix 501 firewall and put it in front of my SQL server,I still use VPN client to establish the VPN channel,the two server can ping each other between my office and the main office. But the problem is the server in the main office COULD NOT log in my SQL Server any longer, always have login failed the message, Could you please give me some idea, what's the possible reason? Do you need to do some more config on the PIX 501? Thanks a lot!

ehirsel · ‎06-12-2005

How soon after you establish the vpn tunnel, does the main office sql server login to your offices' sql server? If more than one hour passes, it could be that the pix has dropped the connections due to idle-timer expiring. The default is one hour. You may need to enable keepalives on the vpn client connection. Contact the main office tech support and ask them to enable DPD on the gateway config for your vpn connection. As long as the DPD frames are sent within one hour (30 min. should be sufficient) the pix will keep the connection alive.

Let me know if this works.