VPN problem after internet disconnection

Unanswered Question

I made a VPN site 2 site connection using PIX515E on my side (not sure about device on other side). Today the VPN connection was down all the day. however i could ping the other site using the real IP using the firewall itself.

I had to clear the SA of ISAKMP and IPSEC in order to repair the problem. (clear crypto isakmp SA and clear crypto ipsec SA) So i wonder, what could be wrong ?

Both sites have similar config:



Hash: SHA-1

Diffie-Hellmann Group 2


IKE keepalive: No



Authent: esp-sha-hmac

PFS: no

SA lifetime: 3600sec, 4608000 kByte

I thought the devices themself should maintain the connection, refresh it on demand... However it seems like they're not doing so, anything i can do ?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
celiocarreto Mon, 02/09/2009 - 00:42
User Badges:


the only thing you can do is to enable "isakmp keepalive". With this command the pix sends periodically an "Are you there" paket to check the isakmp state.

But this must be supported from the other side!

Another way is maybe to reduce the isakmp lifetime.

Regards, Celio


This Discussion