Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
493
Views
0
Helpful
4
Replies

IPSEC unresponsive for unknown reason.

DanielO
Level 1
Level 1

‎10-02-2006 08:22 AM - edited ‎02-21-2020 02:38 PM

Hello all,

I have a handfull of IPSEC Tunnels that randomly become unresponsive. I have not been successfull in gathering any good information as to why. When I look at the debug logs, i see no traffic going up or down the tunnel. The tunnel is said to be connected according to ASDM. The only thing I can do at this point is to logout the tunnel through the ASDM and as soon as trafiic is initiated, the tunnel builds just fine. Any suggestions??? As far as I know, most of the remote firewalls are Checkpoints. Thank you.

Labels:
0 Helpful
4 Replies 4

bwalchez
Level 4
Level 4

‎10-06-2006 08:39 AM

Try to unconfigue and reconfigure the tunnel.A common configuration mistake is to use the same ACL for nat 0 and the static crypto maps.Refer the URL for troubleshooting on PIX

http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_tech_note09186a008009448c.shtml#seriesofevents

0 Helpful

mcordiez
Level 1
Level 1

‎10-06-2006 12:47 PM

I'm experiencing the same problem with a tunnel between a Pix-515 and an 1811 router. The 1811 is a new addition (where Pix-506's are used on other tunnels) and has been a nightmare.

I upgraded from 7.0.4 to 7.0.6 and that fixed half the issue. I no longer have to "logout" the tunnel to get it working again. Unfortunately not all the problems have been solved as user's tcp sessions are broken several times a day.

What code level are you running?

0 Helpful

dparussalla
Level 1
Level 1
In response to mcordiez

‎10-15-2006 06:14 PM

I am having the same problem with 877 router connected to 1841 central router. randomly traffic don't go throught about an hour. Then within a hour it get the traffic back.

During the outage time i can't even ping the lan interface in the central site.

any help

0 Helpful

DanielO
Level 1
Level 1
In response to dparussalla

‎10-16-2006 07:13 AM

I may have found the problem. After comparing all my configurations with the remote administrator we found that our timings are different. His rekey time was much shorter than mine, so we suspect that this could be the cause. We changed our timings to match just Friday, so I will let you know if this appears to fix the issue.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents