Re: Pix v6.3.1 and VPN Client 4.0.4(B) problem

accraig · ‎06-12-2004

Good Day,

I seem to have a problem with my VPN Client. I can establish a tunnel to the Pix and when checking the stats on my VPN Client I see my traffic being encrypted, however on the Pix checking the crypto ipsec sa I don't see any decaps or encaps.

>sh crypto isakmp sa

Total : 1

Embryonic : 0

dst src state pending created

x.x.x.x x.x.x.x QM_IDLE 0 1

Is there anything else I can check?

btw... at my previous employer I had a similar problem where by I would connect to the Pix and the same as above would occur. If I connected a little while later then everything would work fine.......I was wondering if load balanced routes could potentially play a part in this?

ehirsel · ‎06-15-2004

At your previous employer, even if load-balanced routes were used, as long as you went to the same interface on the same pix, you should have always been able to connect. There may have been an issue with the user authentication service (radius, rsa server, etc.).

As far as your current issue goes, are is the pix head-end termination point configured in a fail-over setup? After the client connects (by that I mean successful user authen and a valid ip address is assigned), can they access the applications without error, or do they have connectivity issues?

Run the show ip local pool command on the active pix both before and after the client connects and see if there is any change to the number of addresses in use and free in one or more pools.