L2L vpn networks unreachable randomly

Unanswered Question

I have a L2L VPN between a PIX (6.3.5) and a Juniper. On the PIX side I have 5 networks and on the Juniper side there are 6 networks. All is well most of the time; however, randomly a network will become unreachable. Other networks at this location are reachable, and it is not the same network every time that becomes unreachable. I've worked with both Cisco and Juniper on the issue and have narrowed it down to a rekeying issue. I can log into the PIX and run 'cl cry isa sa' and 'cl cry ips sa' to clear the associations and resolve the issue. My question is twofold: 1) has anyone experienced anything like this when building a tunnel to a Juniper? 2) I'm not all that good at scripting and wonder if anyone can help me put together a script to log into the PIX, get into conf mode, run the two commands above, and then log out?

TIA

SA
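For the second part of the question, an Expect script that performs exactly the manual sequence described above (log in, enable, conf mode, clear the ISAKMP and IPsec SAs, log out). This is an added example, not code posted in the thread; the SSH username, the environment-variable names and the prompt patterns are assumptions, and the passwords are read from the environment rather than stored in the script:

```expect
#!/usr/bin/expect -f
# Added example (not code from the thread): log in to a PIX 6.3, clear the
# ISAKMP and IPsec SAs, log out. Assumes SSH is allowed from this host, the
# default SSH username "pix", and that the PIX host key is already in
# known_hosts (first connection done by hand so the fingerprint is checked).
# PIX 6.3 speaks SSHv1 only; if your ssh client no longer does, change the
# spawn line to telnet from a trusted inside host. Clearing the SAs drops
# every tunnel for a moment, so run this on demand, not on a timer.
set timeout 20
if {[llength $argv] != 1 || ![info exists env(PIX_PASSWORD)] || ![info exists env(PIX_ENABLE)]} {
    puts stderr "usage: PIX_PASSWORD=... PIX_ENABLE=... clear-sa.exp <pix-address>"
    exit 1
}
set host     [lindex $argv 0]
set password $env(PIX_PASSWORD)   ;# login (telnet) password
set enable   $env(PIX_ENABLE)     ;# enable password

# Fail closed: on timeout or EOF stop rather than type into an unknown prompt.
proc fail {why} { puts stderr "error: $why"; exit 2 }

spawn ssh -l pix $host
expect {
    -re {assword:}  { send "$password\r" }
    timeout         { fail "no password prompt from $host" }
    eof             { fail "connection to $host closed (host key problem?)" }
}
expect {
    -re {>\s*$}     { send "enable\r" }
    timeout         { fail "login failed" }
    eof             { fail "login failed (connection closed)" }
}
expect { -re {assword:} { send "$enable\r" }  timeout { fail "no enable prompt" } }
expect { -re {#\s*$}    { send "configure terminal\r" }  timeout { fail "enable failed" } }
expect { -re {\(config\)#\s*$} { send "clear crypto isakmp sa\r" }
         timeout { fail "could not enter configuration mode" } }
expect { -re {\(config\)#\s*$} { send "clear crypto ipsec sa\r" }
         timeout { fail "clear crypto isakmp sa did not return" } }
expect { -re {\(config\)#\s*$} { }  timeout { fail "clear crypto ipsec sa did not return" } }

# Leave config mode, privileged mode and the session; stop as soon as the
# PIX closes the connection, but never loop forever if it does not.
for {set i 0} {$i < 3} {incr i} {
    send "exit\r"
    expect {
        eof            { exit 0 }
        -re {[>#]\s*$} { }
        timeout        { fail "session did not close" }
    }
}
fail "session did not close after 3 exits"
```

Whatever host runs this script holds the firewall's login and enable passwords, so keep it on a management host with the same access controls as the PIX itself.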

mchin345 Fri, 08/28/2009 - 06:25

The problem might be with the IP pool assignment either through ASA/PIX or Radius server. Use the debug crypto command in order to verify that the netmask and IP addresses are correct. Also, verify that the pool does not include the network address and the broadcast address. Radius servers must be able to assign the proper IP addresses to the clients.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#vpnconn
