Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PIX 515 strange case

Unanswered Question
Feb 18th, 2006
User Badges:

Hi All,

Have one pix 515E and is having a wried problem in it. We have a machine which connects through this pix to establish a VPN tunnel using a VPN Client S/W to a another company VPN Concentrator, The problem comes after 8 hours of consistent connectivity that the vpn client S/W drops the connection and we have to reconnect it, according to this company there VPN concentrator renews the IP address lease after 8 hours and most probably our PIX drops the connection and VPN tunnel disconnects. the difficult part in all this is that i installed the syslog and tried to find any abnormal behaviour for this problem, but nothing which would relate or help me to diagnous this problem.

our senario is like this:

we have one leased line from the ISP which is terminated on the PIX.

we have group of IPs alloted by ISP to use

we have a static translation between this VPN machine IP to one outside IP.

we have access-lists allowing specific ports and protocols for this VPN client machine for both interfaces

we have isakmp nat-traversal enable on the PIX

the timeout values are as following. (default)

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

one important thing, if i connect the VPN tunnels without bringing the PIX in between connection, it does not disconnects and that is the reason i know it's the pix which is at some point making all the problem.. and yes there is no autodisconnection feature of this VPN client S/W

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion