L2L Tunnel dropping between Concentrator & Pix

Unanswered Question
Feb 22nd, 2008
L2L Tunnel dropping between Concentrator & Pix because of inactivity.

As soon as the peer starts pinging us, the tunnel comes back. The peer is using a PIX firewall.

For IKE phase one, we have set the lifetime to 86400 sec, and for phase 2 it is 28800.

irisrios Thu, 02/28/2008 - 12:17

When there is inactivity, it is expected for the tunnel to drop for security reasons. Try to increase the timeout value for both phases.

I was having the same issue with a L2L VPN from an ASA5505 to a PIX515 using 7.X and 8.X software...

I was using the SAME ACL for my NONAT and my CRYPTO MAP... ie ACL 100

I found that creating a second ACL for my CRYPTO MAP, ACL 141, that was identical to my NONAT ACL 100, eliminated my syslog errors, and my inactivity drops stopped...

I added the new ACL for the crypto map to both the PIX and the ASA, and then made sure to initiate the interesting traffic to start the IPsec tunnel so it would stay up in a productive state.
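
A check for the configuration the post above describes, as an added example that is not part of the thread: it scans a PIX/ASA 7.x-style configuration for an ACL referenced by both the NAT exemption (`nat (...) 0 access-list`) and a crypto map (`match address`), and compares the entries of two ACLs. The sample configurations, the addresses, and the map name `OUTSIDE_MAP` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed PIX/ASA 7.x-style fragment (not from the thread): ACL 100 is
# referenced by both the NAT exemption and the crypto map.
SAMPLE_SHARED = """\
access-list 100 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list 100
crypto map OUTSIDE_MAP 10 match address 100
crypto map OUTSIDE_MAP 10 set peer 192.0.2.1
"""

# Same fragment after the change described in the post: an identical ACL 141
# is created and used only by the crypto map.
SAMPLE_SPLIT = """\
access-list 100 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list 141 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list 100
crypto map OUTSIDE_MAP 10 match address 141
crypto map OUTSIDE_MAP 10 set peer 192.0.2.1
"""

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
CRYPTO_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)", re.M)
ACL_RE = re.compile(r"^access-list (\S+) (.+)$", re.M)

def acl_roles(config):
    """Map each ACL name to the set of roles ('nonat', 'crypto') that reference it."""
    roles = defaultdict(set)
    for _iface, acl in NAT0_RE.findall(config):
        roles[acl].add("nonat")
    for _map, _seq, acl in CRYPTO_RE.findall(config):
        roles[acl].add("crypto")
    return roles

def shared_acls(config):
    """ACLs referenced by both a NAT exemption and a crypto map."""
    return sorted(a for a, r in acl_roles(config).items() if r == {"nonat", "crypto"})

def acl_entries(config, name):
    """Entries of one ACL, for comparing the NONAT and crypto ACLs line by line."""
    return [body.strip() for acl, body in ACL_RE.findall(config) if acl == name]

if __name__ == "__main__":
    for label, cfg in (("shared", SAMPLE_SHARED), ("split", SAMPLE_SPLIT)):
        print(label, "-> ACLs used for both NONAT and crypto:", shared_acls(cfg))
    print("ACL 100 and 141 identical:", acl_entries(SAMPLE_SPLIT, "100") == acl_entries(SAMPLE_SPLIT, "141"))
```

Run it against the saved configuration of each peer; the crypto ACLs on the two ends should also mirror each other, which this sketch does not check.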

