Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
390
Views
0
Helpful
3
Replies

L2L Tunnel dropping between Concentrator & Pix

piyush899
Level 1
Level 1

‎02-22-2008 07:36 AM

L2L Tunnel dropping between Concentrator & Pix because of inactivity.

As soon as peer start pinging us the tunnel come back, peer is using pix firewall.

FOR ike phase one, we have set the lifetime time set as 86400sec & for phase 2 is 28800

Labels:
0 Helpful
3 Replies 3

irisrios
Level 6
Level 6

‎02-28-2008 12:17 PM

When there is inactivity it is expected for the tunnel to drop for security reasons. Try to increase the timeout value for both the phase.

0 Helpful

cbuckingham
Level 1
Level 1

‎03-07-2008 12:26 PM

I was having the same issue with a L2L VPN from an ASA5505 to a PIX515 using 7.X and 8.X software...

I was using the SAME ACL for my NONAT and my CRYPTO MAP... ie ACL 100

I found that after creating a second ACL for my CRYPTO MAP, ACL 141, that was identical to my NONAT ACL 100.. eliminated my syslog errors and my inactivity drops stopped...

I added the new ACL for the crypto to both the PIX and the ASA; and then made sure to intiate the interesting traffic so start the ipsec tunnel so it would stay up in a productive state.

0 Helpful

cbuckingham
Level 1
Level 1
In response to cbuckingham

‎03-07-2008 02:28 PM

I just remembered... yes make sure the ACL's match on each end... I actually also disabled NAT-T as part of my changes..

If you provided a sample of your config I could compare...

0 Helpful
Customers Also Viewed These Support Documents