Cisco Support Community

CheckPoint Secure Remote tunnel times out through 827 router

Help Please !

HQ : CP 4.1 SP4 Firewall

Remote Home VPN Users: Dialup or broadband connections

Remote Office: Secure Remote users behind a Cisco 827 DSL router (vs 12.2)

Problem: Remote home VPN users have no problem, but remote office users connect fine initially, then the tunnel is dropped after twenty minutes. If the client is restarted, the connection can be established with HQ. Also, if you just continuously ping through the tunnel, all is fine. Please see the config of the 827 below.

version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname lsb827ppp
!
logging buffered 4096 informational
logging rate-limit console 10 except errors
enable password 7 xxxxxx
!
ip subnet-zero
no ip source-route
no ip finger
ip name-server 66.109.x.x
ip name-server 66.109.x.x
ip name-server 66.109.x.x
!
ip dhcp pool main
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 66.109.x.x 66.109.x.x 66.109.x.x
!
ip dhcp-server 192.168.0.1
no ip dhcp-client network-discovery
!
!
!
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
!
interface Virtual-Template1
 ip address negotiated
 ip nat outside
 ppp pap sent-username x.x.com password 7 xxxx
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 multipoint
 pvc 0/35
  encapsulation aal5mux ppp Virtual-Template1
 !
!
ip classless
ip route 0.0.0.0 0.0.0.0 66.109.x.x
no ip http server
!
ip nat translation timeout 28800
ip nat translation udp-timeout 28800
ip nat translation finrst-timeout 28800
ip nat translation port-timeout udp 500 28800
ip nat translation port-timeout udp 2746 28800
ip nat pool natmain 66.109.x.x 66.109.x.x netmask 255.255.255.0
ip nat inside source list 1 pool natmain overload
access-list 1 permit 192.168.0.0 0.0.0.255
!
line con 0
 password 7 xx
 login
 transport input none
 stopbits 1
line vty 0 4
 password 7 xx
 login
!
scheduler max-task-time 5000
end

Thanks!!

Dave

1 REPLY

Re: CheckPoint Secure Remote tunnel times out through 827 router

The tunnel going down is not exactly a problem if there is no traffic. When the SA lifetime expires, renegotiation of the new SA takes place if there is traffic to be tunneled across. In the absence of 'interesting' traffic the SA will not be renegotiated. This would also explain the pings keeping your tunnel up. Another possibility that you should look into is that of routing issues.
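
One way to rule the 827's NAT timers in or out as the cause of a twenty-minute drop, as an added example that is not part of either post: it parses the `ip nat translation` lines from the posted config and lists any timer shorter than the observed idle period. The function names and the 1200-second threshold (the "twenty minutes" from the question) are assumptions of this example.

```python
import re

# Constructed sample: the NAT timer lines copied from the config in the question.
POSTED_CONFIG = """\
ip nat translation timeout 28800
ip nat translation udp-timeout 28800
ip nat translation finrst-timeout 28800
ip nat translation port-timeout udp 500 28800
ip nat translation port-timeout udp 2746 28800
"""

# Assumption: "twenty minutes" from the question, expressed in seconds.
OBSERVED_DROP_SECONDS = 20 * 60

# Per-port form: ip nat translation port-timeout {tcp|udp} <port> <seconds>
PER_PORT = re.compile(r"^ip nat translation port-timeout (tcp|udp) (\d+) (\d+)$")
# Generic form: ip nat translation <timer-name> {<seconds>|never}
GENERIC = re.compile(r"^ip nat translation ([a-z-]+) (\d+|never)$")


def parse_nat_timers(config_text):
    """Return {timer name: seconds}; None stands for 'never'."""
    timers = {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # tolerate indentation and extra spaces
        m = PER_PORT.match(line)
        if m:
            name, value = f"port-timeout {m.group(1)}/{m.group(2)}", m.group(3)
        else:
            m = GENERIC.match(line)
            if not m:
                continue  # not a NAT timer line
            name, value = m.group(1), m.group(2)
        timers[name] = None if value == "never" else int(value)
    return timers


def timers_shorter_than(timers, idle_seconds):
    """Names of timers that would expire before the idle period ends."""
    return sorted(n for n, s in timers.items() if s is not None and s < idle_seconds)


if __name__ == "__main__":
    found = parse_nat_timers(POSTED_CONFIG)
    print("configured NAT timers:", found)
    print("shorter than drop time:", timers_shorter_than(found, OBSERVED_DROP_SECONDS))
```

For the posted config the second list is empty: every configured timer is 28800 seconds, well beyond twenty minutes. Timers that are not configured fall back to IOS defaults, which this check does not cover.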
