[c-nsp] Pix help needed

Michael Balasko Michael.Balasko at cityofhenderson.com
Tue Jan 16 12:42:54 EST 2007


All. 
I have the following scenario:
 
WL Client-->AP-->2811 --- IPSEC Tunnel --> 7206 --> PIX --> 7140 VPN
 
    The traffic flow is as follows: The Client establishes a PPTP
session to the 7140VPN Concentrator. The Client PPTP traffic is policy
routed on the 2811 to travel over a VTI IPSEC Tunnel that terminates on
the 7206. The 7206 decrypts the IPSEC traffic and coughs the PPTP over
to the PIX which in turn hands it to the 7140 where the VPN is
terminated. Return traffic is treated the same way. Now the caveat to
this whole thing is that there is quite a bit of other PPTP traffic
flowing through the PIX that has nothing to do with the tunnel scenario
above.  
 
    When I change the MTU on the IPSEC tunnels, ALL of the connections
on the PIX stop flowing. If I drop the now dead WL client PPTP session
and try to re-establish it, it will not pass through the pix until a
clear xlate is issued. The log files don't give me anything obvious. I
can reproduce this on a regular basis although it is painful for the
users so I am turning to the list for help. While this thing is "dead"
are there any commands I can issue to try to figure out what's going
on?  Can anyone point me in a direction as to why this might happen or
where to look? 
 
The Pix is a 520 running 6.3.5. 
 
Michael Balasko
Network Specialist II
City of Henderson
240 Water St. 
Henderson, NV 89015
p. 702-267-4337
f.  702-267-4302
 

