This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Astaro - Pix 515e (6.3.1)

I trying to setup a VPN between Astaro and a Pix 515e.
I was having a VPN to a VPN 3000 concentrator and everything worked fine, now the other side has changed the concentrator in a Pix and then the problems start. Ofcourse the other side says the fault is on my side (strange it works with the concentrator, and i did'n't change a bit

).

When i enable my tunnel after he did, the vpn is there but when the Pix reconnect i still see the tunnel on my side but noway i can ping him. After that i have to disable my tunnel and enable it again, It is working then. At least if you can say working: reply's on ping are not slow but after a few pings there are some no reply's, then some good pings and then some no reply's and so on.  Is there anybody who has a solution for this problem. Or is it a Problem of the Pix (that's what i think [;)])

ASL 3.2  -----  VPN Concentrator   no problem
ASL 3.2  -----  Pix 515e                  problem
ASL4.0x -----  Pix 515e                  problem

Thnx to the one who could give me some more info.

This thread was automatically locked due to age.

Parents

0 Mawa over 22 years ago

Some more info:

Tunnel problem is gone. After some changes on the PIX.
But when I PING through the tunnel, i have packet loss. One time it is 2 % and the other time it is 40 % very change. I still think that the PIX is the problem or maybe a combination of the PIX with Astaro. I have on the same Astaro firewall other VPN's, to other Astaro firewalls and to VPN 3000 Concentrators and with these there is no packetloss at all. Hope that someone can give me hint. Or are there people who also have problems connecting a PIX, or don't have problems connecting a PIX.
Cancel
Vote Up 0 Vote Down

Cancel
0 SecApp over 22 years ago in reply to Mawa

I have heard PIX's are quite hard to set up. I think you will just have to wait for somebody who's done it to see your post. Maybe you can post on a PIX site?? Somebody there might have connected Astaro...
Cancel
Vote Up 0 Vote Down

Cancel
0 Udo_Seiler over 22 years ago in reply to SecApp

Hi,

I had configured a PIX a year ago in several VPN-Combinations.
I remember that a big point was the routing and the packet filter rules for subnets behind the vpn.
another issue was the icmp code for auto adjust the network devices mtu (icmp code 3?) its icmp code source quench.

HTH

Regards

Udo Seiler
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Udo_Seiler over 22 years ago in reply to SecApp

Hi,

I had configured a PIX a year ago in several VPN-Combinations.
I remember that a big point was the routing and the packet filter rules for subnets behind the vpn.
another issue was the icmp code for auto adjust the network devices mtu (icmp code 3?) its icmp code source quench.

HTH

Regards

Udo Seiler
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Mawa over 22 years ago in reply to Udo_Seiler

Thnx guys,

After the other party loaded the newest software release in the PIX everything is working excellent. Hope it stays that way. Just what i thought, the problem has nothing to do with the ASL but with the PIX .
Cancel
Vote Up 0 Vote Down

Cancel
0 SecApp over 22 years ago in reply to Mawa

I'm sure it would have worked great without the patch -if you were using a Pix on both ends!
Cancel
Vote Up 0 Vote Down

Cancel
0 Mawa over 22 years ago in reply to SecApp

I'm sure it would have worked great, if the other party also used a ASL. [:)]
Cancel
Vote Up 0 Vote Down

Cancel