Site-to-site VPN down. Need help
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > WebserverTalk Community > VPN > Site-to-site VPN down. Need help




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Site-to-site VPN down. Need help  
Jon Doe


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
08-14-07 06:12 PM

I have an L2L Ipsec VPN set up with one of our vendors via my PIX525 7.2(2).
Within the VPN, two of my VLANs are allowed (e.g 172.24.0.0 and 172.26.0.0).
Yesterday, we noticed that the 172.24.0.0 network could no longer connect,
but the 172.26.0.0 network still had access (and I can ping his addresses
from the 172.26 network).

I called the admin at the other end, and they swore they made no changes,
and I didn't either. We looked through all the VPN settings and they still
matched. He uses sonicwall, so he tried to re-negotiate the connection for
the 172.24.0.0 connection. When he tries to do that, he gets no response
from my PIX address. Whenever I try to ping any of his addresses, I get a
message in my syslog saying this:

%PIX-3-713902: IP = 123.456.789.10, Removing peer from peer table failed, no
match!

I decided as a troubleshooting step to reset the VPN connection on my end as
well. Now, I can even connect from the 172.26.0.0 network either. Any ideas?




[ Post a follow-up to this message ]



    Re: Site-to-site VPN down. Need help  
Rick Merrill


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
08-15-07 12:12 AM

Jon Doe wrote:
> I have an L2L Ipsec VPN set up with one of our vendors via my PIX525 7.2(2
).
> Within the VPN, two of my VLANs are allowed (e.g 172.24.0.0 and 172.26.0.0
).
> Yesterday, we noticed that the 172.24.0.0 network could no longer connect,
> but the 172.26.0.0 network still had access (and I can ping his addresses
> from the 172.26 network).
>
> I called the admin at the other end, and they swore they made no changes,
> and I didn't either. We looked through all the VPN settings and they still
> matched. He uses sonicwall, so he tried to re-negotiate the connection for
> the 172.24.0.0 connection. When he tries to do that, he gets no response
> from my PIX address. Whenever I try to ping any of his addresses, I get a
> message in my syslog saying this:
>
> %PIX-3-713902: IP = 123.456.789.10, Removing peer from peer table failed, 
no
> match!
>
> I decided as a troubleshooting step to reset the VPN connection on my end 
as
> well. Now, I can even connect from the 172.26.0.0 network either. Any idea
s?
>
>

i got something similar to work  again with 'release' & 'renew'




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 07:59 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register