[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details

Trouble with VPN traffic passing through Juniper firewall

Asked by ChristianT in Cisco PIX Firewall, Networking Hardware Firewalls, IPSec Security Protocol

Tags: Cisco, ASA, Juniper, PIX, Firewall, VPN, ISAKMP

I have a VPN tunnel between a Cisco ASA 5510 and a PIX 501.  The PIX is at a client's site and lives behind the client's Juniper firewall.  Recently the tunnel has started dropping off and not re-establishing.  I did some troubleshooting with the client and it appears that their firewall starts dropping ISAKMP packets bound from the PIX back to my corporate office.  My Client hasn't changed anything recently, and his firewall rules don't restrict outbound traffic, but strangely enough, as soon as he put explicit rules in place to permit outbound ISAKMP, the tunnel started working.  After sitting in that state for over a week, I thought we would be ok, but then it started doing it again.  The ISAKMP rules were still in place, so my client removed those rules and re-added them and it started working again.  I just thought I would throw this out there to see if anyone else has run into a similar problem with a Juniper firewall between two Cisco VPN end-points.

Thanks,

CT
[+][-]11/06/09 03:19 AM, ID: 25758174Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11/06/09 03:20 AM, ID: 25758179Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11/06/09 06:45 AM, ID: 25759491Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11/06/09 07:02 AM, ID: 25759644Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11/06/09 07:21 AM, ID: 25759850Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091111-EE-VQP-89 - Hierarchy / EE_QW_EXPERT_20070906