Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Tunnel Issue on PIX

Hello,

I just setup a VPN tunnel between 2 PIX's. But my PIX 501 drops the connection in about 10 minutes. What I noticed is that when I reload, I can ping outside ip addresses form the PIX and the tunnel is up. However, in 10 minutes the tunnel is down, I am not able to ping outside addreses anymore, but PC's behind the PIX still have full internet access. Any help will be greatly appreciated.

Thanks,

KDoshi

2 REPLIES

Re: VPN Tunnel Issue on PIX

Hi ..

Check the configuration on both PIXes .. what are the value for the security association and isakmp policy lifetime ..? The below values shoudl be OK but make sure they are the same in both PIXes.

crypto ipsec security-association lifetime seconds 43200 (<- 12 hours)

isakmp policy 20 lifetime 86400 (<-24 Hours)

Also of course make sure that when the tunnel is down both PIXes still have Internet connectivity

I hope it helps .. please rate if it it does !!!

New Member

Re: VPN Tunnel Issue on PIX

I had something like this happen.

Make sure your ISAKMP policies match. I had one site with the DH-Group 1 and the other one did not have any. This was causing my site without the DH1 to get disconnected.

132
Views
4
Helpful
2
Replies
CreatePlease to create content