LAN to LAN drops using Pix 501 to 3005 Concentrator
I am trying to establish a LAN to LAN VPN from a pix 501 at the remote office to a Cisco 3005 concentrator at our corporate office. At the Remote we have a DSL connection to the internet at 1.5 down 256 up. Corporate has a Fractional T1 for net access. I only have a couple of users on the line for testing purposes. The line will drop at various times and then within a minute it will re-establish by itself. We have added the IKE keepalive, ran a new cable from the DMAR to the DSL modem, and swapped the cable modem out and it still drops. Sometimes it will stay up for 45 minutes, sometimes 10. Very unpredictable.
I would appreciate any suggestions if anyone has had similar problems.
Re: LAN to LAN drops using Pix 501 to 3005 Concentrator
Here is one possibility. While configuring the VPN, we define a) Interesting traffic and b) LIfetime. Is it possible that the lifetime configured is small and that user inactivity (or lack of interesting traffic) might be causing the VPN tunnel to be dropped. The simplest way to check this out is to compare the lifetime with the smallest recorded disconnection time. If the active time after which the connection drops is greater than the configured lifetime in all cases, then things are fine.
I dont think that the IKE keepalives will keep the tunnel up. It is just a mechanism to detect loss of a peer which is an enhancement over the previous setup, where except when the Quick Mode negotiation fails, there was no way to detect a loss of a peer.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...