Re: PIX 515 stops all traffic to Cisco VPN Concetrator 3030 ever
I am guessing the failure occurs when the key lifetime expires (maybe not everytime it expires but on some) - similar to bug CSCds53316. Try to debug on the PIX - debug crypto engine (show encrypted traffic), debug crypto ipsec (IPSec negotiations of phase 2), debug crypto isakmp (the ISAKMP negotiations of phase 1). Look to see error messages.
Does all traffic stop, or just IPSEC? Does it correspond to high traffic throughput when this happens?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...