Have one pix 515E and is having a wried problem in it. We have a machine which connects through this pix to establish a VPN tunnel using a VPN Client S/W to a another company VPN Concentrator, The problem comes after 8 hours of consistent connectivity that the vpn client S/W drops the connection and we have to reconnect it, according to this company there VPN concentrator renews the IP address lease after 8 hours and most probably our PIX drops the connection and VPN tunnel disconnects. the difficult part in all this is that i installed the syslog and tried to find any abnormal behaviour for this problem, but nothing which would relate or help me to diagnous this problem.
our senario is like this:
we have one leased line from the ISP which is terminated on the PIX.
we have group of IPs alloted by ISP to use
we have a static translation between this VPN machine IP to one outside IP.
we have access-lists allowing specific ports and protocols for this VPN client machine for both interfaces
we have isakmp nat-traversal enable on the PIX
the timeout values are as following. (default)
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
one important thing, if i connect the VPN tunnels without bringing the PIX in between connection, it does not disconnects and that is the reason i know it's the pix which is at some point making all the problem.. and yes there is no autodisconnection feature of this VPN client S/W