[TriLUG] Rather OT: PIX 501 VPN argh

Russell Nelson gerrial at rivancitadel.com
Wed Aug 17 10:15:56 EDT 2005


Brian,

	You should be able to run the following command and reset your VPN.
Then the PIX should rebuild the tunnel on its own. You should run the
command from within Conf t.

Clear crypto isakmp sa

I hope this helps.

Russ Nelson

-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf
Of Brian Henning
Sent: Wednesday, August 17, 2005 9:51 AM
To: TriLUG
Subject: [TriLUG] Rather OT: PIX 501 VPN argh

I know there are some folks on the list with Cisco PIX experience, who 
can perhaps help me with this issue.

Cutting to the chase: Is there a command to force VPN to reinitialize, 
handshake, whatever it does when it's first brought up?  Continue 
reading for the details...

We make use of a VPN tunnel from our NC location (here) to a location in 
California.  The tunnel itself is managed by a PIX 501 at each end. 
When it works, it is great.  The problem is our internet connection 
(ADSL) takes spells of being terrifically flaky.  Whenever it flakes 
out for a little while, it throws the VPN tunnel for a loop.  The PIX 
doesn't seem to realize the tunnel is broken, and happily continues 
chucking packets down it, but they never reach their destination.  The 
only way to quickly resurrect the tunnel that I've found (in my 
ignorance of PIX workings) is to reboot it, which of course knocks out 
all connectivity for a while.

The only other option I've found so far has been to just wait it out; 
eventually the tunnel will reestablish itself, but this can often take 
hours (evidenced by pings disappearing into the void for a long long 
time, and then eventually magically returning).

I'm sure there must be a command or two to do it, but I haven't figured 
out what it is yet.

Thanks!
~Brian