Thursday, January 26, 2006

PIX VPNs going down. Computers can't connect.

Main office has a Cisco PIX 506. Three remote offices have pix 501s. Yesterday one of the small remote office pix wouldn't establish vpn tunnel so remote computers at the location wouldn't connect back to the office. Today another small office's vpn tunnel wouldn't establish even on reboot. Used some remote support software that provided me on-demand pc remote control of one of the remote desktop systems at the remote office then telneted to the PIX and ran the vpnclinet connect command from the enable prompt. This command re-established the vpn and the computers got through to the main office LAN.
Who knows what the problem is. If I find the problem I will surely post it as it might help someone else.


Anonymous said...

PIX VPNs can be extremely problematic.

Mr. Tech Support said...

The PIX series from Cisco had many issues. They were OK but for the price tag that came with them, they should not have had so many of the quirky problems they did for so many years.

The best news is that yes, the vpnclient connect command from the enable prompt" is a useful way to start the VPN session but since they have now been replaced with ASA, it's best to just upgrade to the Cisco ASA 5500 series. The 5505ASA comes in at a really good price.

Jack "The Hack"Dugan said...

The Cisco ASA is much more stable and has many features and capabilities that were lacking for many years in the PIX firewall. I especially like the addition of more Ethernet switch ports on the back.

Here's a good link to a GUI interface snapshot for port forwarding on the ASA: