I have a PIX to PIX tunnel running from Head Office (515) to a branch office (520). I have second tunnel running from another branch office's router (1710) to the Head Office PIX. Most of the time, performance of these two tunnels is good/reliable. However, now and then, in the early morning hours, the tunnel stops passing packets to the branch offices. These outages (no ping response from branch office) can last for a few minutes, and then the tunnel returns to a functional state without intervention. The PIX is not down, only the tunnel.
I'm assuming the problem is with the Head Office PIX, as it's the termination point for both tunnels. We have WINS/DNS, the usual MS traffic, running across the tunnels all day without incident.
Does anyone have any ideas why this may be happening? I see nothing (traffic patterns, errors, etc...) in the Syslogs that indicate a problem prior to the lockups. Why do lockups occur only during periods of low traffic (early mornings/weekends)?
I ran across the same thing between a PIX and a 1700. If the tunnel was left up it would disconnect for no reason, stay dosconnected and then reconnect on its own. During the disconnection I could clear the ISAKMP SA and get it to work. The only resolution I got from TAC was to increase the lifetime. After that it seamed to go away...
Also, I was getting a "SPURIOS MEMORY ERROR" on the 1710 that was taking down the router. It was very infrequent and TAC had no real solution. I only saw it a few times during testing and never in production.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...