501 PIX.. Changed Outside IP.. Client Side VPN Not Working

jjdurrant

Hey guys, we just switched ISPs and all is well except for client side VPN. First off, the clients are using a DNS name to connect and are resolving correctly to our new outside IP.

I have heard mixed reviews that the public IP info is somehow built into the encryption algorhytm. So if your outside IP changes, you must reconfigure VPN on the PIX. Is there any truth to this? I can't figure out what else it could be. All I did was change the outside IP and default route.

Also, How old is this config:

PIX: 6.3(3)
PDM:3.0(1)

Do I need a Cisco support contract to get an update?

Thanks!

Justin

netteaser

Can you post a copy of your config

mikej412

I guess if those were the only references to your old IP address on the PIX, and nothing else has changed and you get no error messages on the PIX and everything else works -- how about looking upstream from the outside interface.

Do you have a router upstream? Any ACLs there that may referece the old IP Address?

Does your new ISP forward all traffic to you or do they do some filtering?

Version 6.3(3) is from 08/Jan/2004
Version 6.3(5) is from 12/Aug/2005

I think PDM 3.0(4) is the most current.

You'd need a smartnet contract to upgrade/update

dissolved

verify the security level of your outside interface

jjdurrant

Well I waited it out and VPN just started working. The issue must have been ARP cache related. I not really sure how condering I power cycled the Comcast modem\router and the PIX.

dissolved

jjdurrant wrote:

Well I waited it out and VPN just started working. The issue must have been ARP cache related. I not really sure how condering I power cycled the Comcast modem\router and the PIX.

Cisco stuff does not seem to play well with Comcast equipment. If I make any changes on my cisco equipment, I always power cycle both the cisco stuff and the modem. Otherwise nothing works

jjdurrant

Good to know. Thanks!