Cisco Support Community

Pix 501 & VPN3030 Lan to Lan IPSec VPN Dropping

Hi, I've got a VPN3030 concentrator at head office with 10 Lan to Lan tunnels all going to Pix 501 6.3(5) at remote sites. Nine of them are fine but one of them keeps dropping the tunnel, usually a couple of times a day. Sometimes the tunnel is down for 5 minutes but usually it's down for an hour or more, even with traffic from both sides trying to bring it up.

I put isakmp keepalives on the pix and this helped a bit, as in the tunnel used to be down for several hours every time but now it's usually down for shorter periods.

My first thought was that we had a bad ADSL connection at the remote site but I've set up constant pings to both the service provider router and to the outside interface of the pix and they never miss a ping (except the occasional 1 every few hours) so I don't think that's the cause of the problem. At the same time I've got a constant ping going to a couple of devices at the remote site through the tunnel and they time out for between a few minutes and an hour or so when the tunnel goes down.

All the pix firewalls at the remote sites are identically configured and they all terminate on the VPN3030 which is identically configured for all of the tunnels. Could I have a faulty pix 501 firewall? I thought traffic from either side should bring the tunnel up but it doesn't seem to do that for ages sometimes. Thanks, Pete.
