Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX Tunnel Lockup/Crash

I have a PIX to PIX tunnel running from Head Office (515) to a branch office (520). I have second tunnel running from another branch office's router (1710) to the Head Office PIX. Most of the time, performance of these two tunnels is good/reliable. However, now and then, in the early morning hours, the tunnel stops passing packets to the branch offices. These outages (no ping response from branch office) can last for a few minutes, and then the tunnel returns to a functional state without intervention. The PIX is not down, only the tunnel.

I'm assuming the problem is with the Head Office PIX, as it's the termination point for both tunnels. We have WINS/DNS, the usual MS traffic, running across the tunnels all day without incident.

Does anyone have any ideas why this may be happening? I see nothing (traffic patterns, errors, etc...) in the Syslogs that indicate a problem prior to the lockups. Why do lockups occur only during periods of low traffic (early mornings/weekends)?

Thanks very much for your assistance.

3 REPLIES
New Member

Re: PIX Tunnel Lockup/Crash

I ran across the same thing between a PIX and a 1700. If the tunnel was left up it would disconnect for no reason, stay dosconnected and then reconnect on its own. During the disconnection I could clear the ISAKMP SA and get it to work. The only resolution I got from TAC was to increase the lifetime. After that it seamed to go away...

New Member

Re: PIX Tunnel Lockup/Crash

Thanks for the response.

Unfortunately, the lifetimes on both the 1710 and the PIX are already set to 86400s (max).

New Member

Re: PIX Tunnel Lockup/Crash

Also, I was getting a "SPURIOS MEMORY ERROR" on the 1710 that was taking down the router. It was very infrequent and TAC had no real solution. I only saw it a few times during testing and never in production.

97
Views
0
Helpful
3
Replies