
site-to-site VPN intermittent problem (IOS to Checkpoint NG AI)

denyu
Level 1

My site-to-site VPN between IOS 12.4(4)T1 and Checkpoint NG AI55 is having an intermittent problem. I am using a preshared key, 3DES/SHA for both phase 1 and 2, even have PFS turned off (for troubleshooting), tunnel mode.

At random, the tunnel stops forwarding traffic. I am unable to reproduce the problem consistently. The IPSec SAs are still intact when the problem happens. I had to "shut" one of the peer interfaces in order to clear out the IPSec SAs, forcing a complete renegotiation. That seems to solve the problem until the next random occurrence.

Has anyone seen this problem? Any input would be appreciated. Thanks!!

3 Replies

attrgautam
Level 5

Well, I have seen it between PIX and router.

Can you try an isakmp keepalive 10 on the router and see if it helps? If possible, force the keepalive on either side.

Isakmp keepalive would be the next thing I try. Do you know if the Cisco isakmp keepalive is compatible with the Checkpoint keepalive protocol? I was told that the Checkpoint keepalive protocol is proprietary. Thanks!

It will be worth a try, I would say. Let me know how it goes.
