[TriLUG] Rather OT: PIX 501 VPN argh

Brian Henning brian at strutmasters.com
Wed Aug 17 09:50:57 EDT 2005


I know there are some folks on the list with Cisco PIX experience, who 
can perhaps help me with this issue.

Cutting to the chase: Is there a command to force VPN to reinitialize, 
handshake, whatever it does when it's first brought up?  Continue 
reading for the details...

We make use of a VPN tunnel from our NC location (here) to a location in 
California.  The tunnel itself is managed by a PIX 501 at each end. 
When it works, it is great.  The problem is our internet connection 
(ADSL) takes spells of being terrifically flaky.  Whenever it flakes 
out for a little while, it throws the VPN tunnel for a loop.  The PIX 
doesn't seem to realize the tunnel is broken, and happily continues 
chucking packets down it, but they never reach their destination.  The 
only way to quickly resurrect the tunnel that I've found (in my 
ignorance of PIX workings) is to reboot it, which of course knocks out 
all connectivity for a while.

The only other option I've found so far has been to just wait it out; 
eventually the tunnel will reestablish itself, but this can often take 
hours (evidenced by pings disappearing into the void for a long long 
time, and then eventually magically returning).

I'm sure there must be a command or two to do it, but I haven't figured 
out what it is yet.

Thanks!
~Brian


