Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Need help with modifying PIX config

Status
Not open for further replies.
cmtoth

cmtoth

MIS
Sep 7, 2005
16
0
0
US


I did a 'sh running config' command and I see that I have:
isakmp identity address

I imagine my VPN issues may clear up if I change it to 'isakmp identity hostname'

Should I do:
no isakmp identity address <enter>
isakmp identity hostname <enter>
wr mem <enter>
reload

That's all I need to change, right?

Thanks!
 
Sort by date Sort by votes
What VPN issues are you having? You generally do want to use
isakmp identity address.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Brent, thanks for the reply!

I have a Cisco 506e and for the past few months, users who work from home through the VPN, have been experiencing disconnection issues.

What happens, is that they are working fine, then for whatever reason they are disconnected. So they try to log back in with the Cisco VPN client software, but cannot.

The only way for me to "fix" it, is if I log on to the PIX and issue a 'reload' command. After that, they can log in fine.

There is really no pattern to it. Some users use DSL, others various cable connections. Almost all use Windows XP while some use Windows 2000.

But someone on the Cisco newsgroups suggested I use:

isakmp identity hostname

to see if that helps.

Are you suggesting that I don't use this?

Thanks!

 
Upvote 0 Downvote
It depends on how you are set up. You need to have the clients and PIX choose the same way.
I always have my VPN clients set to connect using an IP address and not a resolved name (less DNS issues.)

I would check deeper - spin up a syslog server and have it log all the isakmp and ipsec messages and see what's actually happening on the pix. If you clear connections and xlates does it allow them to reconnect without a reload?

Other things to check,
-You can check to make sure the time is correct (pix and host- I have had it cause problems in the past.)
-Are there other users behind the remote locations router/firewall that are connecting to a VPN as well? (can cause a disconnect.)
-Other connectivity issues (on both ends) dropped internet connections, delays, lost packets.
-PIX CPU usage, timeouts on tcp connections(embryonic, half open), bandwidth saturation.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
150
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
154
Johnkite
Johnkite
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
57
PauS0n
PauS0n
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
165
intel233
intel233
tklamb
  • Locked
  • Question
ACL help
Replies
0
Views
47
tklamb
tklamb

Part and Inventory Search

Sponsor

Back
Top