PIX 501

Unanswered Question
Aug 11th, 2008

I currently have a PIX 501 at a remote site and a site-to-site VPN to an ASA 5510. The remote site runs a POS software over the VPN that is located at HQ. The software will be running fine and the VPN drops and the application will freeze. The remote VPN is not able to initiate the VPN. We can RDP across the VPN from HQ to remote and the VPN is reinitiated and everything is good. This seems to be happening more and more and is becoming a large problem. Also, it seems if we do a constant ping from the remote side to the HQ server the VPN never causes a problem. Also, I have tried to disable keepalives on the ASA (HQ) side and this did not seem to help. Any help would be greatly appreciated.

acomiskey Mon, 08/11/2008 - 10:55

You could run dead peer detection on both devices to keep the tunnel alive.

ASA

tunnel-group x.x.x.x ipsec-attributes

isakmp keepalive threshold 30 retry 2

PIX

isakmp keepalive 30 2

shoemakerjoel Wed, 08/13/2008 - 10:05

I am actually having this same issue happen at two sites. I did the above on both and it seemed to fix one but not the other. Would you recommend disabling keepalives completely?
