09-04-2008 09:47 AM
I have some VPNs between a PIX with static IP and several routers with dynamic IP.
When one of the remote routers changes its IP the PIX keeps the VPN with the old one and it doesn't allow the VPN with the new IP until I manually kill the old one...
Keepalives are activated.
Any help ?
Thank you.
09-07-2008 08:46 PM
If you're using PIX OS 7 or 8 you can utilize the DefaultL2LGroup. Otherwise you can configure the PIX as an EasyVPN server.
09-08-2008 05:32 AM
I am using the DefaultL2LGroup, the VPN works OK... but when the remote peer changes its IP the PIX doesn't allow the new VPN (with the new peer IP) until I manually "kill" the VPN with the old IP.
09-08-2008 05:54 AM
Try reducing the sa lifetime.
HTH
Saju
09-08-2008 06:31 AM
I don't think that solves the problem, I still have to wait until the lifetime expires.
Shouldn't the PIX realice that the old peer is dead and allow the new VPN ?.
The remote router is a Linksys.
09-08-2008 05:55 AM
Try reducing the sa lifetime.
HTH
Saju
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide