PIX 501

Unanswered Question
Aug 11th, 2008
User Badges:

I currently have a PIX 501 at a remote site and a site to site VPN to a ASA 5510. The remote site runs a POS software over the vpn that is located at HQ. The software will be running fine and the VPN drops and the application will freeze. The remote VPN is not able to intiate the vpn. We can RDP across teh VPN from HQ to remote and the VPN is reintiated and everything is good. This seems to be happening more and more and is becoming a large problem. Also, it seems if we do a constant ping from the remote side to the HQ server the VPN never causes a problem. Also, I have tried to disable keep alives on the ASA(HQ) side and this did not seem to help. Any help would be greatly appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
acomiskey Mon, 08/11/2008 - 10:55
User Badges:
  • Green, 3000 points or more

You could run dead peer detection on both devices to keep the tunnel alive.


tunnel-group x.x.x.x ipsec-attributes

isakmp keepalive threshold 30 retry 2


isakmp keepalive 30 2

shoemakerjoel Wed, 08/13/2008 - 10:05
User Badges:

I actually having this same issue happen to two sites. I did the above on both and it seemed to fix one but not the other. Would you recommend to disable keep alives completely?


This Discussion