[c-nsp] Issues with VPNs after moving from PIX to ASA ...
gkg at gmx.de
Tue Oct 16 04:41:50 EDT 2007
we have just moved a customer from his old PIX 515 to a new 5510 CSC20
... so far, everything looks good, except for the customer site VPNs.
Though all I have been able to test works out fine, the customer is
experiencing problems with the VPN connections at application level ...
sites that have worked for ~5 years now have trouble transfering data
via FTP. Any manual FTP I tried using the regular VPN client (tried a
rather current 4.8 as well as the oldest I could find, which was a 4.0)
seemed to work fine, though. FTP connections from other customer sites
that are already in the MPLS network (and therefore don't use VPN
anymore) work fine, too, so I tend to rule out a general problem at the
As a quick-hack temporary solution I also tried to re-activate the old
PIX (which is now only connected on the inside interface), but couldn't
get any connections past the ISAKMP phase ... NAT-T is activated on the
pix ... client is stuck at "negotiating security policies" ... need to
look what I missed when I moved everything over to the inside interface ...
Any idea as to incompatibilities between PIX and ASA regarding VPN
More information about the cisco-nsp