+ Reply to Thread
Results 1 to 7 of 7
  1. Junior Member
    Join Date
    Aug 2006
    Posts
    12
    #1

    Default 501 PIX.. Changed Outside IP.. Client Side VPN Not Working

    Hey guys, we just switched ISPs and all is well except for client side VPN. First off, the clients are using a DNS name to connect and are resolving correctly to our new outside IP.

    I have heard mixed reviews that the public IP info is somehow built into the encryption algorhytm. So if your outside IP changes, you must reconfigure VPN on the PIX. Is there any truth to this? I can't figure out what else it could be. All I did was change the outside IP and default route.

    Also, How old is this config:

    PIX: 6.3(3)
    PDM:3.0(1)

    Do I need a Cisco support contract to get an update?

    Thanks!

    Justin
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member netteaser's Avatar
    Join Date
    Aug 2005
    Location
    San Antonio,TX
    Posts
    199

    Certifications
    CCNP, CCNA:Security
    #2

    Default Config

    Can you post a copy of your config
    Reply With Quote Quote  

  4. Cisco Moderator mikej412's Avatar
    Join Date
    May 2005
    Location
    Chicago
    Posts
    10,190

    Certifications
    CCNP CCIP CCSP CCVP CCDP CCDA CCNA CS-CIPSS CS-CIPTDS CS-CIPTOS CS-CIPCSS CS-CFWS CS-CVPNS CS-CISecS ISSP 4013 4011
    #3

    Default Re: 501 PIX.. Changed Outside IP.. Client Side VPN Not Worki

    I guess if those were the only references to your old IP address on the PIX, and nothing else has changed and you get no error messages on the PIX and everything else works -- how about looking upstream from the outside interface.

    Do you have a router upstream? Any ACLs there that may referece the old IP Address?

    Does your new ISP forward all traffic to you or do they do some filtering?

    Version 6.3(3) is from 08/Jan/2004
    Version 6.3(5) is from 12/Aug/2005

    I think PDM 3.0(4) is the most current.

    You'd need a smartnet contract to upgrade/update
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Jul 2004
    Posts
    236

    Certifications
    A bunch, and I still suck
    #4
    verify the security level of your outside interface
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Aug 2006
    Posts
    12
    #5
    Well I waited it out and VPN just started working. The issue must have been ARP cache related. I not really sure how condering I power cycled the Comcast modem\router and the PIX.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Jul 2004
    Posts
    236

    Certifications
    A bunch, and I still suck
    #6
    Quote Originally Posted by jjdurrant
    Well I waited it out and VPN just started working. The issue must have been ARP cache related. I not really sure how condering I power cycled the Comcast modem\router and the PIX.
    Cisco stuff does not seem to play well with Comcast equipment. If I make any changes on my cisco equipment, I always power cycle both the cisco stuff and the modem. Otherwise nothing works
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Aug 2006
    Posts
    12
    #7
    Good to know. Thanks!
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks