Main office has a
Cisco PIX 506. Three remote offices have pix 501s. Yesterday one of the small remote office pix wouldn't establish VPN tunnel so remote computers at the location wouldn't connect back to the office. Today another small office's vpn tunnel wouldn't establish even on reboot. Used some remote support software that provided me on-demand pc remote control of one of the
remote desktop systems at the remote office then telnetted to the
PIX and ran the VPN client connect command from the enable prompt. This command re-established the VPN and the computers got through to the main office LAN.
Who knows what the problem is. If I find the problem I will surely post it as it might help someone else.
3 comments:
PIX VPNs can be extremely problematic.
The PIX series from Cisco had many issues. They were OK but for the price tag that came with them, they should not have had so many of the quirky problems they did for so many years.
The best news is that yes, the vpnclient connect command from the enable prompt" is a useful way to start the VPN session but since they have now been replaced with ASA, it's best to just upgrade to the Cisco ASA 5500 series. The 5505ASA comes in at a really good price.
The Cisco ASA is much more stable and has many features and capabilities that were lacking for many years in the PIX firewall. I especially like the addition of more Ethernet switch ports on the back.
Here's a good link to a GUI interface snapshot for port forwarding on the ASA:
http://remotesupportsoftware.blogspot.com/2008/10/configure-rdp-port-forwarding-on-cisco.html
Post a Comment