[TriLUG] PIX 501 questions
Glen Ford
gford at idiom.com
Thu Jan 30 23:19:14 EST 2003
Not a directly Linux related question, but I hope the good folks on this
list might be able to help.
In an effort to learn a little about Cisco PIX products I have swapped
out my Linksys DSL router with a PIX 501. I use the Linksys and now the
PIX as a firewall between my home boxes and my RoadRunner cable modem.
Pretty standard stuff.
I am having two problems with my PIX 501.
1. The outside interface of my PIX gets assigned by the ISP via DHCP.
This works for the most part, except periodically I lose connectivity to
my RoadRunner router. I know this because my wife complains that she
cannot use the browser. I check the connection by pinging the router
from the command line inside the PIX. The pings fail and I have to issue
the following command to regain my connectivity: "ip address outside dhcp
setroute retry 5". This is proving to be irritating. Why does the
outside PIX lose connectivity to the router?
2. With the Linksys I am able to use the Cisco VPN client for Linux without
any problems, i.e. from a server behind the Linksys I am able to establish a
VPN connection to my corporate network. This is an IPsec tunnel over UDP
port 500 (esp). The Linksys passes this traffic without any problems.
linux (vpn client) ---> linksys ----> vpn end-point
However, when I use the PIX it does not work. I know I am passing the
UDP port 500 traffic because I see it leaving the outside interface of
the PIX. I use the debug command to see it. I do not see any reply traffic
coming back from the VPN request. The packets leaving the PIX are
addressed with a source of the outside interface and a destination of my
corporate VPN end-point. This all seems correct except I do not see any
traffic coming back from the corporate end-point. After some time the
VPN client croaks and says that it timed out trying to make the connection.
Any help with either/both of these two questions would be much appreciated.
Thanks,
/Glen