Cisco Support Community

CheckPoint Secure Remote tunnel times out through 827 router

Help please!

HQ : CP 4.1 SP4 Firewall

Remote Home VPN Users: Dialup or broadband connections

Remote Office: Secure Remote users behind a Cisco 827 DSL router (vs 12.2)

Problem: Remote home VPN users have no problem, but remote office users connect fine initially, but the tunnel is dropped after twenty minutes. If the client is restarted, the connection can be established with HQ. Also, if you just continuously ping through the tunnel, all is fine. Please see the config of the 827 below.

version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption

hostname lsb827ppp

logging buffered 4096 informational
logging rate-limit console 10 except errors
enable password 7 xxxxxx

ip subnet-zero
no ip source-route
no ip finger
ip name-server 66.109.x.x
ip name-server 66.109.x.x
ip name-server 66.109.x.x

ip dhcp pool main
 dns-server 66.109.x.x 66.109.x.x 66.109.x.x

ip dhcp-server
no ip dhcp-client network-discovery

interface Ethernet0
 ip address
 ip nat inside
 no ip mroute-cache

interface Virtual-Template1
 ip address negotiated
 ip nat outside
 ppp pap sent-username password 7 xxxx

interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto

interface ATM0.1 multipoint
 pvc 0/35
  encapsulation aal5mux ppp Virtual-Template1

ip classless
ip route 66.109.x.x
no ip http server

ip nat translation timeout 28800
ip nat translation udp-timeout 28800
ip nat translation finrst-timeout 28800
ip nat translation port-timeout udp 500 28800
ip nat translation port-timeout udp 2746 28800
ip nat pool natmain 66.109.x.x 66.109.x.x netmask
ip nat inside source list 1 pool natmain overload
access-list 1 permit

line con 0
 password 7 xx
 transport input none
 stopbits 1
line vty 0 4
 password 7 xx

scheduler max-task-time 5000





Re: CheckPoint Secure Remote tunnel times out through 827 router

The tunnel going down is not exactly a problem if there is no traffic. When the SA lifetime expires, renegotiation of the new SA takes place if there is traffic to be tunneled across. In the absence of 'interesting' traffic the SA will not be renegotiated. This would also explain the pings keeping your tunnel up. Another possibility that you should look into is that of routing issues.
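An added example, not part of the thread: a small Python check of the NAT timers in the posted 827 config against the 20-minute idle period described in the question. The function names are hypothetical, the input is the five `ip nat translation` lines copied from the post, and IOS defaults for unconfigured timers are not modelled (the function returns `None` for those).

```python
import re

# Constructed input: the NAT timer lines copied from the 827 config posted above.
CONFIG = """\
ip nat translation timeout 28800
ip nat translation udp-timeout 28800
ip nat translation finrst-timeout 28800
ip nat translation port-timeout udp 500 28800
ip nat translation port-timeout udp 2746 28800
"""

TIMER = re.compile(
    r"^\s*ip nat translation (?:port-timeout (?P<proto>tcp|udp) (?P<port>\d+)"
    r"|(?P<kind>(?:[a-z]+-)?timeout)) (?P<secs>\d+|never)\s*$")

def parse_nat_timers(config):
    """Split timer lines into general ones and per-port overrides."""
    general, per_port = {}, {}
    for line in config.splitlines():
        m = TIMER.match(line)
        if not m:
            continue
        secs = float("inf") if m["secs"] == "never" else int(m["secs"])
        if m["port"]:
            per_port[(m["proto"], int(m["port"]))] = secs
        else:
            general[m["kind"]] = secs
    return general, per_port

def effective_timeout(general, per_port, proto, port):
    """Per-port override first, then the protocol-wide timer.
    None means neither is configured, so the IOS default applies (not modelled)."""
    if (proto, port) in per_port:
        return per_port[(proto, port)]
    return general.get(f"{proto}-timeout")

def outlives_idle(config, proto, port, idle_seconds):
    """True if the translation for proto/port is still present after idle_seconds."""
    timeout = effective_timeout(*parse_nat_timers(config), proto, port)
    return None if timeout is None else timeout > idle_seconds

if __name__ == "__main__":
    for port in (500, 2746):  # the two UDP ports the posted config overrides
        print("udp", port, "entry outlives 20 min idle:",
              outlives_idle(CONFIG, "udp", port, 20 * 60))
```

With the posted values, both UDP entries (28800 seconds) outlive a 1200-second idle period, so the router's configured UDP translation timers are not what expires at the 20-minute mark.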
