Cisco Support Community
Community Member

LAN to LAN drops using Pix 501 to 3005 Concentrator

I am trying to establish a LAN to LAN VPN from a pix 501 at the remote office to a Cisco 3005 concentrator at our corporate office. At the Remote we have a DSL connection to the internet at 1.5 down 256 up. Corporate has a Fractional T1 for net access. I only have a couple of users on the line for testing purposes. The line will drop at various times and then within a minute it will re-establish by itself. We have added the IKE keepalive, ran a new cable from the DMAR to the DSL modem, and swapped the cable modem out and it still drops. Sometimes it will stay up for 45 minutes, sometimes 10. Very unpredictable.

I would appreciate any suggestions if anyone has had similar problems.

Community Member

Re: LAN to LAN drops using Pix 501 to 3005 Concentrator

Here is one possibility. While configuring the VPN, we define a) Interesting traffic and b) LIfetime. Is it possible that the lifetime configured is small and that user inactivity (or lack of interesting traffic) might be causing the VPN tunnel to be dropped. The simplest way to check this out is to compare the lifetime with the smallest recorded disconnection time. If the active time after which the connection drops is greater than the configured lifetime in all cases, then things are fine.

I dont think that the IKE keepalives will keep the tunnel up. It is just a mechanism to detect loss of a peer which is an enhancement over the previous setup, where except when the Quick Mode negotiation fails, there was no way to detect a loss of a peer.

CreatePlease to create content