Hi, I've got a VPN3030 concentrator at head office with 10 Lan to Lan tunnels all going to Pix 501 6.3(5) at remote sites. Nine of them are fine but one of them keeps dropping the tunnel, usually a couple of times a day. Sometimes the tunnel is down for 5 minutes but usually it's down for an hour or more. Even with traffic from both sides trying to bring it up.
I put isakmp keepalives on the pix and this helped a bit, as in the tunnel used to be down for several hours every time but now it's usually down for shorter periods.
My first thought was that we had a bad ADSL connection at the remote site but I've set up constant pings to both the service provider router and to the outside interface of the pix and they never miss a ping (except the occasional 1 every few hours) so I don't think that's the cause of the problem. At the same time I've got a constant ping going to a couple of devices at the remote site through the tunnel and they time out for between a few minutes and an hour or so when the tunnel goes down.
All the pix firewalls at the remote sites are identically configured and they all terminate on the VPN3030 which is identically configured for all of the tunnels. Could I have a faulty pix 501 firewall? I thought traffic from either side should bring the tunnel up but it doesn't seem to do that for ages sometimes. Thanks, Pete.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :