On 6/26/06, Sean Waite <swaite at sbn dash services dot com> wrote:
> I have a strange problem with a m0n0wall to PIX VPN. At the office is the PIX, home is the m0n0wall. For example, today I swapped out a
> switch that had the PIX line to the inside network. When I got home I find as usual the VPN is non functioning. By this I mean SAD/SPD
> are created, no error messages, yet no traffic is going through. I have had this problem EVERY time there is a network interruption.

I'm not 100% sure on the PIX, but on Cisco routers any time a network interface goes down it dumps its SAD. Manually clearing one end or the other is sometimes required for it to come back. That's a Cisco to Cisco VPN.

Next time it happens, I'd try clicking the Save button on the IPsec page of m0n0wall and see if that brings it up. If not, I'd try the PIX equivalent of the router commands 'clear crypto isakmp' and 'clear crypto sa' (sorry, I don't recall the equivalent offhand and I'm too lazy to look it up atm..).

If that still doesn't work, and you still have to actually cold boot the PIX to get it to come back up (which makes 0 sense), make sure you have the latest PIX OS loaded, and if all else fails call Cisco TAC. Having to power cycle your PIX to bring up a VPN is a weird PIX issue of some sort.

-Chris