Pix 501 & VPN3030 Lan to Lan IPSec VPN Dropping

Unanswered Question
Apr 3rd, 2008
User Badges:

Hi, I've got a VPN3030 concentrator at head office with 10 Lan to Lan tunnels all going to Pix 501 6.3(5) at remote sites. Nine of them are fine but one of them keeps dropping the tunnel, usually a couple of times a day. Sometimes the tunnel is down for 5 minutes but usually it's down for an hour or more. Even with traffic from both sides trying to bring it up.

I put isakmp keepalives on the pix and this helped a bit, as in the tunnel used to be down for several hours every time but now it's usually down for shorter periods.

My first thought was that we had a bad ADSL connection at the remote site but I've set up constant pings to both the service provider router and to the outside interface of the pix and they never miss a ping (except the occasional 1 every few hours) so I don't think that's the cause of the problem. At the same time I've got a constant ping going to a couple of devices at the remote site through the tunnel and they time out for between a few minutes and an hour or so when the tunnel goes down.

All the pix firewalls at the remote sites are identically configured and they all terminate on the VPN3030 which is identically configured for all of the tunnels. Could I have a faulty pix 501 firewall? I thought traffic from either side should bring the tunnel up but it doesn't seem to do that for ages sometimes. Thanks, Pete.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion