Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
0
Helpful
2
Replies

router to PIX isakmp/ipsec renewal issue

nguyen
Level 1
Level 1

‎04-27-2006 01:18 PM - edited ‎02-21-2020 02:23 PM

I used the almost same config as

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

IOS router 12.0(7)T on 2621 (8MB flash)

PIX 515 6.2

the tunnel works fine during lifetime of 3600 seconds, then just after renegociation, it drops the connection.

the only way is to clear crypto sa on PIX and / or the router to re initialize the tunnel.

I tried PFS Y/N, I tried keepalive on both ends, always the same issue.

any idea?

Labels:
0 Helpful
2 Replies 2

Fernando_Meza
Level 7
Level 7

‎04-27-2006 05:52 PM

Hi I had similar issue ages ago but adding the below command on the router fixed teh issue

crypto isakmp keepalive 10

0 Helpful

nguyen
Level 1
Level 1
In response to Fernando_Meza

‎04-27-2006 10:51 PM

I have these keepalive on the PIX and the router.

But it is isakmp keepalive.

I think the pb comes from the ipsec renewal since it appears at the end of the lifetime of ipsec, not isakmp

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents