ODBC connection times out / drops over PIX 515e site to site VPN

Unanswered Question
Aug 29th, 2008
User Badges:

I have a site to site VPN setup using a PIX 515e as the hub termination point at our data center. I have a PC at the remote site that traverses that PIX to get to a database on an IBM AIX server at the data center. This database connection never used to time out or drop prior to putting them on this VPN connection. (The site used to be directly connected with a 64k link). The entire site never drops or goes down, we have several monitors in place monitoring routers/servers etc. at that site that remain solid even when this database connection dies. Any thougts on how/why this db connection is continually dropping regardless of activity? Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Sat, 08/30/2008 - 08:06
User Badges:
  • Red, 2250 points or more

It could be the vpn related idle-timeout or a generic timeout on the PIX firewall.


You would have to monitor the 'show conn det | inc ' on the PIX to see if the PIX idle timer is reaching the configured timers.


Regards


Farrukh

cisco24x7 Sat, 08/30/2008 - 15:50
User Badges:
  • Silver, 250 points or more

I ran into an exact situation like yours, remote

PC with ODBC connection to an IBM AIX Server

running DB-2 database over a VPN with Pix as

the VPN termination. The ODBC connection

timeout even when the VPN tunnel is up and

running (I can confirm this because I have

a constant ping from the PC to the AIX Server

and with no ping loss.


I resolved the issue by terminating the VPN to

a Cisco 2811 router and just let the Pix

inspect the traffic after the traffics get

encrypted/decrytpted by the VPN router. After

that, the issue goes away.


I was under pressure to make this work so I

did not spend much time troubleshooting the VPN with Pix as the VPN termination endpoint,

but it is definitely the pix that caused this.

Actions

This Discussion