Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
582
Views
0
Helpful
3
Replies

Problems with Sage line 500 over site to site vpn

marceyres
Level 1
Level 1

‎07-20-2006 03:39 AM - edited ‎02-21-2020 02:32 PM

we have installed two 501's pix's in two remote sites for a customer. These sites link via a site to site vpn to the customers head office. Now each vpn links from the pix to a watchguard firewall. At the remote site they run the usual office applications and everything run fine communicating back to the head office apart from Sage line 500 client application.

The users complain that when they are using the sage client, they move away from the machine and within several minutes the application times out.

Now the reason why these two sites have pix firewall's is becuase before they had Watchguard soho firewalls onsite, but they were causing issues with the vpn and kept crashing intermittantly. Since the pix firewall's are now in place the vpn connection is stable and runs fine without any problems, apart from Sage that is.

I have asked a sage support company to check out the sage server and they cannot see any problems. Everything else is fine on the vpn connection and I also cannot see any errors appearing in the vpn on the pix.

Also the customer has many other sites using sage client application is these two remote sites do, but there link to head office is via a kilostream link and they have never experienced this issue.

I want to find a solution to this problem , but I don't see why we should place the soho boxes back in to sort out this one application.

Marc.

Labels:
0 Helpful
3 Replies 3

grant.maynard
Level 4
Level 4

‎07-20-2006 04:34 AM

"show timeout" on the PIX to see TCP session timeout. Also enable logging and watch to see sessions being set up and torn down.

0 Helpful

marceyres
Level 1
Level 1
In response to grant.maynard

‎07-20-2006 06:17 AM

Here is the current timeout settings:-

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:30:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

I have just change the half-closed time from ten minutes to thirty.

Also I have enabled logging and have the logging set to debugging. How can I get the logging to out put to the console?

Marc.

0 Helpful

marceyres
Level 1
Level 1
In response to marceyres

‎07-20-2006 06:22 AM

It ok ive worked out how the logging works.

Would you say these timeout setting look correct?

Marc.

0 Helpful
Customers Also Viewed These Support Documents