PIX Ver 7.0 VPN Issue

Jan 9th, 2006

PIX 535 with Ver 7.0(4) is used for multiple IPSEC VPN tunnels. One of the tunnels to a particular location gives the problem below:


One of the IP subnets (10.201.0.0) across the VPN tunnel stops responding. Though the VPN tunnel remains up and the other subnets across the same tunnel to the same location are reachable, only one subnet goes down. This happens randomly.


Subnet starts pinging after reloading PIX.


Attached here is the Show Run of the PIX, with the problematic tunnel config marked RED.

jackko Tue, 01/10/2006 - 10:17

i believe the issue is not the local pix. it's a bit hard to say that the local pix does everything right but one subnet.


i suggest you verify the remote peer device.


on the local pix, do "sh cry ips sa" to verify the number of packets being encrypted/decrypted, and do "deb ic t" to verify whether the echo request and reply flow.
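The counter check suggested in the reply above, as an added example that is not part of the original thread: it parses saved "sh cry ips sa" output and lists the remote subnets whose SA encrypts outbound packets but has decrypted nothing in return. The sample output is constructed (peer addresses, masks and counters are made up, only 10.201.0.0 comes from the question), and `parse_sas` and `one_way` are hypothetical helper names.

```python
import re

# Constructed sample, modelled on the layout of "show crypto ipsec sa" output;
# addresses, masks and counters are made up for illustration.
SAMPLE = """\
interface: outside
    Crypto map tag: vpnmap, local addr: 192.0.2.1

      local ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.200.0.0/255.255.0.0/0/0)
      current_peer: 198.51.100.7

      #pkts encaps: 4210, #pkts encrypt: 4210, #pkts digest: 4210
      #pkts decaps: 3987, #pkts decrypt: 3987, #pkts verify: 3987

      local ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.201.0.0/255.255.0.0/0/0)
      current_peer: 198.51.100.7

      #pkts encaps: 512, #pkts encrypt: 512, #pkts digest: 512
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

IDENT = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/")
COUNT = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_sas(text):
    """Return one dict per SA: local/remote proxy identity, encaps, decaps."""
    sas, cur = [], None
    for line in text.splitlines():
        m = IDENT.search(line)
        if m and (m.group(1) == "local" or cur is None):
            cur = {"encaps": 0, "decaps": 0}   # a "local ident" line opens a new SA
            sas.append(cur)
        if m:
            cur[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
        elif cur is not None:
            for name, value in COUNT.findall(line):
                cur[name] = int(value)
    return sas

def one_way(sas):
    """Remote subnets whose SA sends encrypted traffic but has decrypted none."""
    return [sa.get("remote") for sa in sas if sa["encaps"] > 0 and sa["decaps"] == 0]

if __name__ == "__main__":
    print("one-way SAs:", one_way(parse_sas(SAMPLE)))
```

Running it against two captures taken a minute apart shows whether encaps keeps climbing while decaps stays flat for the affected subnet, which points at the remote peer or the return path rather than the local PIX.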
