03-07-2006 04:41 PM - edited 02-21-2020 02:18 PM
My site-to-site VPN between IOS 12.4(4)T1 and Checkpoint NG AI55 is having an intermittent problem. I am using a preshared key, 3DES/SHA for both phase 1 and 2, even have PFS turned off (for troubleshooting), tunnel mode.
At random, the tunnel stops forwarding traffic. I am unable to reproduce the problem consistently. The IPSec SAs are still intact when the problem happens. I had to "shut" one of the peer interfaces in order to clear out the IPSec SAs, forcing a complete renegotiation. That seems to solve the problem until the next random occurrence.
Has anyone seen this problem? Any input would be appreciated. Thanks!!
03-07-2006 08:38 PM
Well I have seen it between PIX and router.
Can you try an isakmp keepalive 10 on the router and see if it helps? If possible, force the keepalive on either side.
03-07-2006 11:21 PM
Isakmp keepalive would be the next thing I try. Do you know if the Cisco isakmp keepalive is compatible with Checkpoint keepalive protocol? I was told that the Checkpoint keepalive protocol is proprietary. Thanks!
03-09-2006 04:37 AM
It will be worth a try, I would say. Let me know how it goes.