02-22-2008 07:36 AM
L2L tunnel dropping between Concentrator & PIX because of inactivity.
As soon as the peer starts pinging us the tunnel comes back; the peer is using a PIX firewall.
For IKE phase one, we have set the lifetime as 86400 sec, and for phase 2 it is 28800.
02-28-2008 12:17 PM
When there is inactivity it is expected for the tunnel to drop for security reasons. Try to increase the timeout value for both phases.
03-07-2008 12:26 PM
I was having the same issue with a L2L VPN from an ASA5505 to a PIX515 using 7.X and 8.X software...
I was using the SAME ACL for my NONAT and my CRYPTO MAP... ie ACL 100
I found that creating a second ACL for my CRYPTO MAP, ACL 141, that was identical to my NONAT ACL 100.. eliminated my syslog errors and my inactivity drops stopped...
I added the new ACL for the crypto to both the PIX and the ASA, and then made sure to initiate the interesting traffic to start the IPsec tunnel so it would stay up in a productive state.
03-07-2008 02:28 PM
I just remembered... yes, make sure the ACLs match on each end... I actually also disabled NAT-T as part of my changes..
If you provided a sample of your config I could compare...
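
An added example, not part of any post in this thread: a small Python check for the two conditions the 03-07-2008 replies describe, one ACL referenced by both NAT exemption and the crypto map, and crypto ACLs that do not match on each end. The sample configs, addresses and the crypto map name `outside_map` are constructed, and the parser assumes simple network/mask `permit ip` entries in PIX/ASA 7.x-style syntax.

```python
import re

# Constructed sample configs (PIX/ASA 7.x-style syntax); names and addresses are made up.
ASA_CFG = """\
access-list 100 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list 141 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list 100
crypto map outside_map 20 match address 141
"""
PIX_CFG = """\
access-list 100 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list 100
crypto map outside_map 20 match address 100
"""

# Assumption: only "permit ip <net> <mask> <net> <mask>" entries are handled.
ACE = re.compile(r"^access-list (\S+) extended permit ip (\S+ \S+) (\S+ \S+)$", re.M)
NONAT = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$", re.M)
CRYPTO = re.compile(r"^crypto map \S+ \d+ match address (\S+)$", re.M)

def parse(cfg):
    """Return (ACL name -> set of (src, dst)), NONAT ACL names, crypto ACL names."""
    acls = {}
    for name, src, dst in ACE.findall(cfg):
        acls.setdefault(name, set()).add((src, dst))
    return acls, set(NONAT.findall(cfg)), set(CRYPTO.findall(cfg))

def shared_acls(cfg):
    """ACL names referenced by both NAT exemption and a crypto map."""
    _, nonat, crypto = parse(cfg)
    return sorted(nonat & crypto)

def crypto_entries(cfg):
    """All (src, dst) pairs selected as interesting traffic by crypto maps."""
    acls, _, crypto = parse(cfg)
    return set().union(*(acls.get(name, set()) for name in crypto))

def mirrored(cfg_a, cfg_b):
    """True when B's crypto ACL entries are A's with source and destination swapped."""
    return {(d, s) for s, d in crypto_entries(cfg_a)} == crypto_entries(cfg_b)

if __name__ == "__main__":
    for label, cfg in (("ASA", ASA_CFG), ("PIX", PIX_CFG)):
        print(label, "ACLs shared by NONAT and crypto map:", shared_acls(cfg))
    print("crypto ACLs mirrored:", mirrored(ASA_CFG, PIX_CFG))
```
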